Skip to main content

 

Druva Documentation

About Mobile Forensics for Android devices

inSync Cloud Editions: File:/tick.png Elite Plus File:/tick.png Elite File:/cross.png Enterprise File:/cross.png Business

Overview

Mobile Forensics lets you automatically and transparently collect data from the Android devices of users in your organization. With this capability in inSync, the enterprise IT, information security, and legal teams can facilitate eDiscovery requests and check for compliance breaches in the data that is collected from Android devices.

For more information about how to back up and download mobile forensics data from an Android device, see Back up and download mobile forensics data.

What are the capabilities?

Mobile Forensics provide the following capabilities:

  • Collection of data and its associated metadata from Android devices with no end-user intervention.
  • Additional settings for collection of text messages, browser history, call logs, device info, and third-party app logs. Additionally, mobile forensics enables eDiscovery on this data or continuous monitoring for adherence to compliance policies.
  • Data collection according to the configured schedule for mobile devices.
  • Ability to download collected data through the inSync Management Console or access the data via WebDAV.

What data is collected from Android devices?

inSync administrators can retrieve the following data by configuring it from the inSync Master Management Console:
  • Text messages
  • Call logs
  • Device information
  • Browser history
  • Third-party app logs

inSync administrators can then access the data via WebDAV or download the data as a CSV file through inSync Web.

Note: Global folder and file exclusions will not be applicable while backing up forensics data on Android devices.

Who can access mobile forensics capabilities?

inSync cloud administrator and profile administrator can do the following:

  • Enable collection of mobile forensics by creating a profile or updating an existing profile.
  • Download the mobile forensics data as a local copy.

The legal administrator can view the mobile forensics data that is exposed via WebDAV.

Do I require a specific license for mobile forensics?

To access mobile forensics capability, you must have the Governance license that is available with the Elite Plus and Elite editions of inSync Cloud.

How can organizations use mobile forensics data?

  • Generate a Non-Compliance report

    By generating the Non-Compliance report, you can check for sensitive data and identify user, data sources, and files on Android devices that violate your organization’s compliance policy. This report can help you investigate potential risks and ensure that the sensitive data is protected. For more information, see Generate a Non-Compliance report.

  • Put the user on legal hold

    If the Android device users are handing sensitive data that is not in compliance with your company policy, inSync enables you to place these devices on a legal hold. For more information, see Create a legal hold policy.

Frequently asked questions

Can I back up forensics data if my Governance license has expired?

No, you need an active Governance license to back up forensics data for Android devices. If your Governance license has expired, the App Settings, Call Logs & Messages check box is disabled for selection. Additionally, you see the following message:

Mobile_forensics_governance_license_expired.png

Is forensics data backed up for deleted users, disabled users, and users who are on legal hold?

If backup of forensics data is enabled for the users, then the forensics data will be backed up even when the users are on legal hold, or are disabled or deleted from inSync.

Errors in CSV file after downloading the forensics data

Sometimes, you might encounter a few errors in the downloaded CSV file that contains the forensics data. See the following table for more information about the errors and their description:

Error Description
Not found This error is displayed when the column does not exist. A few vendors do not have a particular column in the table, for example, App used field in Samsung devices.
NA This error is displayed when there is an API version limitation. For example, App Install location is available only above API level 21. Anything below API level 21, the App Install location will be set to NA.