mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-30 00:20:59 +00:00
1.2 KiB
1.2 KiB
Android Forensics
Locked Device
To start extracting data from an Android device it has to be unlocked. If it's locked you can:
- Check if the device has debugging via USB activated.
- Check for a possible smudge attack
- Try with Brute-force
Data Adquisition
Create an android backup using adb and extract it using Android Backup Extractor: java -jar abe.jar unpack file.backup file.tar
If root access or physical connection to JTAG interface
cat /proc/partitions
search the path to the flash memory, generally the first entry is _mmcblk0_ and corresponds to the whole flash memory
.df /data
Discover the block size of the system
.- dd if=/dev/block/mmcblk0 of=/sdcard/blk0.img bs=4096
execute it with the information gathered from the block size
.
Memory
Use Linux Memory Extractor LiME
to extract the RAM information. It's a kernel extension that should be loaded via adb.