viaForensics: Forensic Pattern Lock Decoding for Android Devices

One of the latest features from viaForensics is the ability to reveal the pattern lock on Android devices.

Android devices store the pattern, or gesture, in an encoded file on the device. The file is located at /data/system/gesture.key and must be provided to viaExtract for the process to work. Techniques which can be used to access this file on a locked device include:

  • boot loader access
  • other special operating modes
  • JTAG
  • various privilege escalation techniques

Users who have installed the latest version will find the “Gesture key decode” utility under the Tools menu and, as the screen shots below illustrate, in just a few clicks have the pattern.


We’re preparing in-depth article on Pattern Lock Forensics right now. How to get the file, understand the decode mechanism and to determine if this decoding really needed during investigatio.

This entry was posted in News and tagged , . Bookmark the permalink.

One Response to viaForensics: Forensic Pattern Lock Decoding for Android Devices

  1. Pingback: Android Forensics Study of Password and Pattern Lock Protection | Android Forensic Software