Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Summary


This chapter has covered many topics related to logical extractions of Android devices. As a recap, the various methods and their requirements are as follows:

Method

Requirements

ADB pull

  • USB debugging enabled

  • Secure USB debugging bypassed on 4.2.2+

  • Root access to obtain user data

ADB pull from Recovery Mode

  • Must be a custom recovery to enable ADB access

  • Root access to obtain user data

Fastboot to boot from custom recovery image

  • Unlocked bootloader

  • Boot image for device

ADB backup

  • USB debugging enabled

  • Secure USB debugging bypassed on 4.2.2+

  • Must be done from a running device (not Recovery mode)

ADB dumpsys

  • USB debugging enabled

  • Secure USB debugging bypassed on 4.2.2+

  • Must be done from a running device (not recovery mode)

SIM card extraction

  • None, should be done independent of device

Additionally, valuable user data can be recovered from the SD card, which will be covered in Chapter 5, Extracting Data Physically from Android Devices.

If a screen is locked, an examiner can...