USB Debugging enables the tools and forensic workstations to communicate with the handset. The phone must be in this state for a trust relationship to be created between the forensic workstation and the device, which is required by most commercial tools in order to acquisition to succeed. Even a locked device can be forensically acquired if USB Debugging is enabled. If the password cannot be bypassed and USB Debugging is not enabled, the examiner may not be able to forensically acquire the Android device unless physical acquisition support is available. Currently, Cellebrite is one of the few tools able to access devices physically without USB Debugging being enabled on the Android.

For devices that allow USB Debugging to be accessed via a switch (Droid X, Incredible, and other older models), it can be done by going into the Main Menu > Settings > Applications > Development. The examiner must ensure that the device remains in USB Debugging mode after the device is connected to the forensic workstation or kit. There are few things as frustrating as realizing USB Debugging was switched off during a phone reboot during the acquisition process. 

For most devices now, the Build Number must be tapped seven times. Your forensic tool will instruct you on how to handle USB Debugging. You must follow every step, or your acquisition will fail. Acquiring an Android device requires patience. It’s not always simple. And always double- or triple-check that USB Debugging remains switched on.

After acquisition, follow the rules of your workplace to decide if you want to put the device back in the state that it was provided to you. This is recommended if you conduct covert operations. Keep in mind, though, every single time you touch the device, you leave a trace. You just have to consider who will be doing forensics against you and if it matters that you left your mark on that Android. For most investigators, this is never a concern. For those of us who support covert ops, this is a great concern and needs to be considered.