File-based encryption (FBE)

Definition

An Android encryption model introduced in Android 7.0 in which each file is encrypted with a separate key derived from the user credential. FBE replaced full-disk encryption (FDE) on most devices from Android 10 onward. Under FBE, even chip-off acquisition of unallocated blocks yields ciphertext that cannot be decrypted without the per-file key.

Related terms

Bootloader
Firmware that runs immediately after power-on to verify, load, and hand control to the operating system. A locked bootloader refuses to execute...
Chip-off acquisition
A physical extraction method in which the flash memory chip is desoldered from the device's circuit board and read directly with specialised...
EDL mode (Emergency Download mode)
A Qualcomm diagnostic protocol embedded in the Primary Boot Loader (PBL) that activates before the main OS and accepts raw memory read...
Full-disk encryption (FDE)
A storage protection model in which the entire partition is encrypted with a key derived from the user's passcode and hardware-bound identifiers....
NAND flash
The type of non-volatile memory used in all modern mobile device storage. Data is written to pages grouped into blocks; erasure operates...
NAND flash erase block
The minimum unit that can be electrically erased in NAND flash memory. Erase blocks are larger than write pages (often 256 KB...
SQLite free page
A database page that SQLite has placed on an internal free-page list after a row deletion. The page retains its original content...
Thumbnail cache
A store of small preview images generated by the OS or applications when media is first viewed. On Android the primary cache...
TRIM
A command issued by the file system to the flash controller identifying blocks that are no longer in use, so the controller...
Wear levelling
A flash controller algorithm that distributes write operations across all blocks evenly to prevent any single block from wearing out prematurely. A...

Explained in these topics

  • Deleted Data Recovery on Mobile Devices: An Android encryption model introduced in Android 7.0 in which each file is encrypted with a separate key derived from the user credential. FBE replaced full-d...
  • Physical Acquisition Techniques: The encryption model used in modern Android devices (Android 7 and later) and iPhones, in which individual files or directories are encrypted under different k...
