Android Forensics
Last updated
Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
To start extracting data from an Android device it has to be unlocked. If it's locked you can:
Check if the device has debugging via USB activated.
Check for a possible smudge attack
Try with Brute-force
Create an android backup using adb and extract it using Android Backup Extractor: java -jar abe.jar unpack file.backup file.tar
cat /proc/partitions (search the path to the flash memory, generally the first entry is mmcblk0 and corresponds to the whole flash memory).
df /data (Discover the block size of the system).
dd if=/dev/block/mmcblk0 of=/sdcard/blk0.img bs=4096 (execute it with the information gathered from the block size).
Use Linux Memory Extractor (LiME) to extract the RAM information. It's a kernel extension that should be loaded via adb.
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
