DFS101: 11.2 Mobile Device Acquisition
ฝัง
- เผยแพร่เมื่อ 4 ต.ค. 2024
- In this video, we will acquire a disk image from an android smartphone using ADB and rooting.
Get started digital forensic science! Digital forensic science lets us recover data and investigate digital devices.
🚀 Full Digital Forensic Courses → learn.dfir.sci...
010001000100011001010011011000110110100101100101011011100110001101100101
Get more Digital Forensic Science
👍 Subscribe → bit.ly/2Ij9Ojc
❤️ YT Member → bit.ly/DFIRSci...
❤️ Patreon → / dfirscience
🕸️ Blog → DFIR.Science
🤖 Code → github.com/DFI...
🐦 Follow → / dfirscience
📰 DFIR Newsletter → bit.ly/DFIRNews
010100110111010101100010011100110110001101110010011010010110001001100101
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing.
![[ TEASER ] เงาะป่า - วงL.กฮ. | TMG RECORD](http://i.ytimg.com/vi/M4ObdFfcPww/mqdefault.jpg)
How would you do this on a android mobile device with broken screen and no usb debugging enabled.
Is there way to resume when I interrupt the progress?
Like DD can resume with seek or skip, but need `of=` option, which is different location from android and the destination image if we use this method
Hi. After successfully creating an image of my Android, i noticed that folders in userdata are encrypted (random letters), I believe ny device has File Based Encryption. What if I remove my lockscreen password and other security measures such as fingerprint lock, will I be able to have a decrypted backup? I am currently trying to backup my userdata partition as I have accidentaly deleted a bunch of files in my device. Thank you.
I keep getting an error when trying to install busybox... it goes to the phone but when i open it on the phone and hit install.. it says it wasnt installed ..
what do I do? Please
Hi when acquiring physical image, should the phone be turned off?
Modern phones will need to be turned on while making the image, unfortunately. That's one reason phone acquisitions are so difficult.
@@DFIRScience Thank you so much, I followed the instructions above and I was able to sucessfully create an image of my userdata (.dd), f2fs format, however I can't seem view the contents using sleuthkit. I believe because it's encrypted? I am using Poco x3 nfc by the way. Do you have any idea how I should image my userdata to have a decrypted image? Userdata path is in dev/block/sda16
@@jampinkoigomezgomez1297 I'd recommend this method instead: th-cam.com/video/jRRH2YWSnhE/w-d-xo.html
You'll get a more consistent logical acquisition.
how to bild a tecknow side like arigenul on my so kold phone/computer or laptop but seance ot wasnt from hoom them are but to take my sides upstruckted compermashion,up loaded attack on me,my identity or what qustionabel between life sides believeabel processed patirn untill one or nore me any that is correct of connectshons on whatll thayll do for apucealietly procced or deteckd/epstrackd/unconneckted/platform to then makeing untopshional optane/controll by my tecknalagys untill im not withen any all so wen what pospone throw time,death,speaicheal then as time trying too caputalizeing then trying over run then brakeing inblackment-meaning to completely unabel my typ of over thinken about any other then makeing look as thay care then strikein proponein thoo time but make as im standen alone but ill do like i always or trying to ,look away then captulizeing processed thoo timed spearitcheal or on one minny or all or one pucifik life streem on to/then as trying too make so regretabel 4 minny or all but im doing is takeing death from one but not what u think ❤
I followed same steps and done exact same things to aquire an image of my andorid but m still having problem extracting into sleuth kit autopsy. How can I solve that?
Were you able to download data from the phone?
@@DFIRScience Yes I got 60gb image file from my 64gb phone
Try to create more videos
Working on it. Do you have anything specific you would like to see?
@@DFIRScience Hi your videos are great very explained.. can you please show a full video about recovering files from a formatted android phone, from accessing the device > getting permissions > creating an image and recovering the data ? THNX!
kingoroot? xD Sorry man, is not a new device, true? Because a root in new device not a simple and a requisite is a wipe ...
Yeah - that one is older but simple. You might look at something like Magisk. www.howtogeek.com/312404/how-to-root-your-android-phone-with-magisk/