There are three types of extractions that may be performed on a mobile device: logical, filesystem, and physical. The feasibility of these three types of extractions depends upon the make, model and operating system of the mobile device.

The quickest and most supported extraction method, but also the most limited, is a logical extraction. In a logical extraction, the forensic tools communicate with the operating system of the mobile device using an API (Application Programming Interface), which specifies how software components interact. The forensic tools use these APIs to communicate with the mobile device's operating system and request the data from the system. The extracted data is output in a readable format. This process allows for the acquisition of most of the live data on the device, much like a live targeted collection from a computer. The typical data available via a logical extraction are call logs, SMS (Short Messaging Service, commonly known as text messages), MMS (Multimedia Messaging Service, which are generally text messages with attachments or group text messages), images, videos, audio files, contacts, calendars and application data. All the data exported in these categories will be live data and will not have the possibility of containing any deleted data. It is possible to specify categories to collect, such as only SMS and MMS, but you cannot specify particular items within a category to export. For example, you can choose to extract SMS data, but all SMS will be collected, not just conversations between specific people or phone numbers.

The next step up in extraction abilities is a filesystem extraction.