The dd utility is one of the most used tools in forensics for creating an image for the data extraction process. In other words, it converts and copies the specified input file to the output file. Often during analysis, we won't be allowed to interact with and make changes to the evidence directly. So, it is always a good option to have an image of the device filesystems and then perform the analysis on it.
The dd utility is present by default on most Linux-based systems, as well as on Android devices at /system/bin. If it is not present on your device, you could install BusyBox, which will install dd along with some other useful binaries. You could get the dd binary for Android from the BusyBox App (https://play.google.com/store/apps/details?id=stericson.busybox) or you could even cross-compile it yourself.
The standard syntax to use dd is as follows (note that there are no spaces around the = signs):
dd if=[source file which needs to be copied] of=[destination file to be created]
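As an added example (not from the original text), the following POSIX shell script runs the dd syntax above against a constructed stand-in for an evidence partition and verifies the image by hashing source and copy; the file names, working directory, block size and the conv=noerror,sync options are assumptions for this demo, and the hash tool is whichever of sha256sum or shasum is installed.

```shell
#!/bin/sh
# Constructed example: image a sample "device" file with dd and verify the copy.
# File names and the temporary working directory are assumptions for this demo.
set -e

# SHA-256 of a file, using whichever tool is available (assumption: one of them is).
file_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Create a constructed stand-in for an evidence partition: 8 blocks of 4 KiB of random bytes.
# Its size is an exact multiple of the block size, so conv=sync adds no zero padding.
make_sample_source() {
    head -c 32768 /dev/urandom > "$1"
}

# Image source ($1) to destination ($2) the way a forensic acquisition would:
#   bs=4096             read and write in 4 KiB blocks
#   conv=noerror,sync   continue past read errors and pad short blocks with zeros
# The source is hashed before and the image after, so the copy can be shown to be
# bit-identical; the hash is also written next to the image for the case record.
image_device() {
    src="$1"; dst="$2"
    before=$(file_hash "$src")
    dd if="$src" of="$dst" bs=4096 conv=noerror,sync
    after=$(file_hash "$dst")
    printf '%s\n' "$before" > "$dst.sha256"
    [ "$before" = "$after" ]   # return status 0 only if the image matches the source
}

# Demo run (stand-alone use): the image is written to a separate location, never
# back onto the evidence itself.
workdir=$(mktemp -d)
make_sample_source "$workdir/evidence.img"
image_device "$workdir/evidence.img" "$workdir/evidence.dd" && echo "image verified"
```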
There are...