BTFM for mobiles

09/06/2020

# logical acquisition using ADB

# use Inportnat.pdf file to get all relative files

adb backup -shared -all

adb shell dumpsys

adb shell dumpsys iphonestubinfo

adb shell dumpsys wifi

adb shell dumpsys usegestat

# ab-extractor for converting ab to tar

extractor.py backup.ab

# logical acquisition using AF Logical OSE

# uses content providers capabilities. Needs dev options enabled

aflogical-ose

# apk will be installed on the device

# what's the point? Offers to pull MMS, SMS. It's equivalent to backup or man acquisition with adb

# image the Android devices, needs root

mount

dd if=/dev/block/mmcblk0p12 of=/sdcard/tmp.image

# image memory sdcard

winhex to acquire the image

# analyse the files

Autopsy, choose the correct timezone

# recover deleted files

locate scalpel.conf

sudo chmod 777 /etc/scalpen/scalpel.conf

# uncomment the filetypes you're looking for and save

scalpel [image_file_name] -o [output_folder_name]

Share
Russian Federation, somewhere in Moscow
Powered by Webnode
Create your website for free! This website was made with Webnode. Create your own for free today! Get started