Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
About the Authors
About the Reviewers

ADB backup extractions

Google implemented ADB backup functionality, beginning in Android 4.0 Ice Cream Sandwich. This allows users (and forensic examiners) to backup application data to a local computer over ADB. This process does not require root, and is therefore highly useful for forensic purposes. However, it does not acquire every application installed on the device. When a developer makes a new app, it is set to allow backups by default, but this can be changed by the developer. In practice, it seems the vast majority of developers leave the default setting, which means that backups do capture most third-party applications. Unfortunately, most Google applications disable backups; full application data from apps such as Gmail and Google Maps will not be included.


This method will not be useful against a locked device as user interaction with the screen is required.

Extracting a backup over ADB

The format of the ADB backup command is:

adb backup [-f <file>] [-apk|-noapk] [-obb|...