I downloaded Oxygen Forensic Suite 2013 and surprisingly, the camera was recognized. This was not the case when I first tried Oxygen, but that was before the camera was rooted and I was using an older version of the software. Knowing that both EnCase 7 and Oxygen can acquire the camera, I decided to dabble some more into Santoku.
Today I found my Android Forensics book (which I've been looking for this whole time) and used Santoku's terminal to try the logcat and dumpsys commands. I used the command "adb shell logcat > log.txt" to dump the logs from the camera to a text file on Santoku. I found that this dump didn't capture as much data as the command "adb logcat" did. Using the latter, the results were presented within the terminal and were updated every couple of seconds. I noticed that when I touched the screen on the camera, the log was updated with the word PUSHED and when I shut the display off, a number of LCD requests were created. It was pretty interesting to watch the log do a live update and it's something I'd like to look further into.
What I found more interesting, though, was the command "adb shell dumpsys > dump.txt". This dump consists of account data, application data, network data, and much more. It turns out to be a pretty extensive word document and can take a while to sort through if you don't know what you're looking for specifically. Thanks to Andrew Hoog's Android forensics book, I was able to filter through the dump and find what I wanted.
I ran the command and opened the dump.txt file. I found the 6 accounts created on the camera:
Next, I looked for Last Known Locations, which provided me with pretty exciting data:
Looking at the mTime under Passive, we can convert that number to:
Beneath the mTime is mLatitude and mLongitude. This is the location of the camera when it last connected to a cell tower. I threw these numbers into this website to see if the locations were accurate. I had expected the locations to be somewhat close to where I was, but to my surprise, they were dead on:
I'm still looking more into what logcat and dumpsys have to offer. Andrew's book goes into numerous other Linux commands to run in order to find all sorts of data on the camera. I plan on spending the rest of my week trying out these commands and gathering as much data as possible from them.
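The manual steps above (finding Last Known Locations in dump.txt, converting mTime, reading mLatitude and mLongitude) can be scripted. The following is an added example, not code from the original post or from the book; the sample dump is constructed and its layout is an assumption built around the field names mentioned above, with mTime treated as milliseconds since the Unix epoch.

```python
import re
from datetime import datetime, timezone

# Constructed sample, not camera data; layout assumed from the post's field names.
SAMPLE_DUMP = """\
DUMP OF SERVICE location:
  Last Known Locations:
    passive:
      mProvider=network mTime=1357052400000
      mLatitude=40.0 mLongitude=-75.5
    network:
      mProvider=network mTime=1357048800000
      mLatitude=40.25 mLongitude=-75.25
  Location Listeners:
    mLatitude=1.0 mLongitude=2.0
"""

SECTION = "Last Known Locations:"
PROVIDER = re.compile(r"^\s+(\w+):\s*$")      # e.g. "    passive:"
FIELD = re.compile(r"\b(m[A-Z]\w*)=(\S+)")    # e.g. "mTime=1357052400000"

def last_known_locations(dump_text):
    """Return {provider: {time_utc, latitude, longitude}} for the section."""
    raw, provider, section_depth = {}, None, None
    for line in dump_text.splitlines():
        if not line.strip():
            continue
        depth = len(line) - len(line.lstrip())
        if section_depth is None:
            if line.strip() == SECTION:
                section_depth = depth
            continue
        if depth <= section_depth:
            break  # a heading at the same level ends the section
        match = PROVIDER.match(line)
        if match:
            provider = match.group(1)
            raw[provider] = {}
        elif provider:
            raw[provider].update(FIELD.findall(line))
    results = {}
    for name, fields in raw.items():
        if not {"mTime", "mLatitude", "mLongitude"} <= fields.keys():
            continue  # skip providers with an incomplete record
        # mTime is milliseconds since the Unix epoch (UTC)
        when = datetime.fromtimestamp(int(fields["mTime"]) / 1000, tz=timezone.utc)
        results[name] = {"time_utc": when.isoformat(), "latitude": float(fields["mLatitude"]),
                         "longitude": float(fields["mLongitude"])}
    return results
```

Reporting the timestamp in UTC keeps it independent of the examiner workstation's time zone setting.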