Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Extracting data physically with nanddump


In all of the preceding examples, the partitions were all Multimedia Card (MMC) blocks, which is typically seen in newer devices. Older devices, however, are far more likely to consist of Memory Technology Device (MTD) blocks. We have seen cases in the past where the dd command was unable to properly image an MTD block, although more often than not, it works fine. If dd fails, there is a widely distributed utility called MTD-Utils used to read and write from MTD blocks; the nanddump command is a part of MTD-Utils, and can be used similarly to dd in order to read from an MTD block. In those cases where dd failed, nanddump was always successful.

Versions of nanddump compiled for Android can be found in many places online; we used the one found at https://github.com/jakev/android-binaries/blob/master/nanddump.

The process to put nanddump on the device is the same as the one used previously for netcat:

adb push nanddump /dev/Examiner_Folder/nanddump
chmod...