Android from 4.0 introduced a feature of backup using adb. This functionality could be used to create the backup of an application along with its entire data. This could be highly useful in forensics as the examiner will be capturing the application along with its entire data. Refer to the following steps:
This could be done by issuing the
adb backup
command to the terminal followed by the application's package name. In case we don't know the exact package name of the application, we could usepm
to list all the packages and then filter the app name.The other way to do this will be to use the
pm list package
command, with the–f
flag specifying the string you want to find in the package name.Next, we could simply take a backup of any application we need using the package name of the application.
adb backup [package name] -f [destination file name]
The destination file will be stored with the file extension
.ab
or Android backup. Here, we are taking...