Android Phones are becoming more pervasive at MITRE's customers without any means of measuring malicious user or application behavior. More sensitive information is becoming accessible on these phones, while users have access to this data even in the most insecure of places. Without an enterprise monitoring strategy for these mobile devices, sponsors do not have the necessary data to determine when a compromise has occurred. This exposure to a user's or a malicious application's actions could leave sensitive data exposed with little recourse. There is a both a breadth and depth of information that can be gained by using physical forensic acquisition techniques against an Android phone. The resulting forensic images can be mostly treated as traditional images and can be subjected to traditional forensics tools and techniques for analysis. The MITRE Innovation Project research project "Detecting Maliciousness Using Periodic Mobile Forensics" addressed the enterprise use case of installed malicious applications. The results of the research will be discussed, as well as experimentation performed using real mobile malware.