White paper; Identifying the Android OS version through UsageStats
By Alexis Brignoni
Locating the Android operating system version within a digital forensic extraction is necessary to properly apply operating system specific domain knowledge when parsing the data for forensic artefacts. Most automated tools that parse Android full file system extractions depend on the /system/build.prop file to determine the Android version among other device identifiers.
Due to how variable Android implementations are regarding access to the data source, a build.prop file might not be available in a particular forensic extraction. Is there a way to determine the Android version of an extraction by only looking at the user data directory? The answer is yes. This was useful to me since some of my digital forensics tooling for Android extractions would benefit from programmatically identifying the Android version when a build.props file is not available, said Alexis Brignoni.
Please download our paper below.