The Helpline has acquired data from an Android device that could be infected or can be used as digital evidence, and needs to issue a report on the forensic acquisition.

Mobile Data Acquisition Report Guidelines

Guidelines for producing a report of a forensic data acquisition on a mobile device

Problem

All the steps detailed in Article #305: Android Devices Data Acquisition Procedure (SD Card and SIM card byte-copy, data acquisition with Android Debug Bridge) should be detailed in this report, along with the results of the previous research and data gathered on the device.


Solution

Create a report with the following sections:

  • Title page: Case name (Access Now Ticket number), date, investigator’s name, and contact information
  • Table of Contents
  • Executive Summary
  • Aim of the investigation and objectives
  • Device research and data: general information, condition of the device, hardware structure, file system, etc.
  • Selected acquisition tool and justification of the selection (include software and hardware used, version numbers, etc.)
  • Procedures followed: SD Card and SIM card byte-copy, data acquisition with Android Debug Bridge
  • Image information summary: image name, hashes, name of the encrypted container, etc.
  • Timeline: concise timeline of important events
  • Conclusion
  • Signature
  • Investigator’s curriculum vitae, chain of custody documentation, supporting documents linked from the body of the report, etc.
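
One way to produce the entries for the "Image information summary" section, as an added example that is not part of the original guidelines: the script streams each acquired image once, records its name, size and hashes, and re-checks the files later to show they are unchanged. The hash algorithms (SHA-1 and SHA-256), the function names and the sample file names are assumptions, since the page does not specify them.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1024 * 1024  # stream in 1 MiB chunks so multi-GB images never sit in memory
ALGORITHMS = ("sha1", "sha256")  # assumption: the page does not name the hash algorithms

def hash_image(path, algorithms=ALGORITHMS):
    """Read the image once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def summarize(paths, algorithms=ALGORITHMS):
    """Build one summary row per acquired image for the report."""
    rows = []
    for path in map(Path, paths):
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        rows.append({"image": path.name, "bytes": path.stat().st_size,
                     "hashed_at_utc": stamp, **hash_image(path, algorithms)})
    return rows

def verify(rows, directory, algorithms=ALGORITHMS):
    """Re-hash each image and return the names whose digests no longer match."""
    changed = []
    for row in rows:
        current = hash_image(Path(directory) / row["image"], algorithms)
        if any(current[name] != row[name] for name in algorithms):
            changed.append(row["image"])
    return changed

def render(rows, algorithms=ALGORITHMS):
    """Format the rows as plain text for the image information summary section."""
    lines = []
    for row in rows:
        lines.append(f"Image: {row['image']} ({row['bytes']} bytes, hashed {row['hashed_at_utc']})")
        lines.extend(f"  {name.upper()}: {row[name]}" for name in algorithms)
    return "\n".join(lines)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data, not real images
        for name in ("sdcard.img", "simcard.img"):
            (Path(tmp) / name).write_bytes(name.encode() * 4096)
        rows = summarize(sorted(Path(tmp).iterdir()))
        print(render(rows))
        print("Changed since hashing:", verify(rows, tmp))
```

Run `verify` again whenever the images are copied or handed over, and note the result in the chain of custody documentation.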

Comments

Find an official format for the report here.

Notes