[Linux] Android Acquisition using ADB, root, netcat and DD

  • Published on 20 Apr 2017
  • In this video we acquire an Android smartphone (Samsung Note II) using Android Debug Bridge (ADB), netcat and dd using a Linux forensic workstation. The system I am using is Ubuntu Linux. On the "forensic workstation" you will need ADB and netcat installed.
    Android Developer: developer.android.com/studio/...
    KingoRoot: root-apk.kingoapp.com/
    BusyBox: www.appsapk.com/busybox-app/
    FreeAndroidForensics: freeandroidforensics.blogspot...
    Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing.
  • Science & Technology
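
The acquisition the description outlines, sketched as an added example that is not taken from the video: dd reads the flash on the rooted phone, BusyBox netcat serves it over an ADB-forwarded port, and the workstation checks the received size before recording a hash. The port, device name, output file name, and the presence of `su` and a BusyBox `nc` applet on the phone are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the video. Assumed: port 8888, device mmcblk0,
# the output file name, and `su` plus a BusyBox `nc` applet on the phone.
PORT=8888
DEV=mmcblk0
IMAGE=android_mmcblk0.dd

# Constructed sample of /proc/partitions (sizes are in 1 KiB blocks).
SAMPLE_PARTITIONS='major minor  #blocks  name
 179        0   15388672 mmcblk0
 179        1       4096 mmcblk0p1'

# Read /proc/partitions text on stdin, print the byte size of device $1.
# Older adb versions emit CRLF line endings, so carriage returns are dropped.
expected_bytes() {
    local blocks
    blocks=$(tr -d '\r' | awk -v d="$1" '$4 == d { print $3 }')
    [ -n "$blocks" ] && echo $((blocks * 1024))
}

# Succeed only if image $1 is exactly $2 bytes (catches a truncated stream).
image_complete() {
    [ "$(wc -c < "$1" | tr -d ' ')" = "$2" ]
}

acquire() {
    local want
    want=$(adb shell "su -c 'cat /proc/partitions'" | expected_bytes "$DEV") \
        || { echo "device $DEV not found" >&2; return 1; }
    adb forward "tcp:$PORT" "tcp:$PORT"      # USB tunnel, no network needed
    # Phone side: dd reads the block device, BusyBox nc serves it once.
    adb shell "su -c 'dd if=/dev/block/$DEV | busybox nc -l -p $PORT'" &
    sleep 2                                  # let the listener start
    nc 127.0.0.1 "$PORT" > "$IMAGE"          # workstation side of the pipe
    wait
    adb forward --remove "tcp:$PORT"
    image_complete "$IMAGE" "$want" || { echo "size mismatch" >&2; return 1; }
    sha256sum "$IMAGE" | tee "$IMAGE.sha256" # reference hash for later copies
    chmod a-w "$IMAGE"                       # keep the original read-only
}

# Run the acquisition only when asked: ./acquire.sh run
if [ "${1:-}" = "run" ]; then acquire; fi
```

The size check only detects a truncated transfer; the recorded SHA-256 is what working copies of the image are compared against afterwards.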

Comments • 43

  • @woolfy02 4 years ago +1

    Thank you for the tutorial. Hope to be able to use this on my old Android phone to get the pictures off it.

  • @realultimategeeks4194 7 years ago +4

    I'm a N00b but haven't had this much fun with computers since I bought a Commodore64 in 1985 with money I saved being a caddy all summer..when I was 12. I feel like a kid again. It's great!
    Since I'm "the computer guy" people give me old electronics all the time and the pile of mystery cellphones has been getting shuffled around long enough. "The Price is Right" hole punch game style I reached into the box and got...
    e960
    "OK," I told myself, "don't lose any of the data, try to be as kid-gloves / hands off as possible. No network access. Bluetooth and USB only. Keep the device 'as is' and only use Linux."
    The self-imposed rules were 1985. No internet. Just a box and what was on it. I could download software onto the computer because that is like going to the store to buy more software. I could read stuff and watch videos because that's like going to the library.
    Stranger Things / Goonies / Real Genius style.
    (I do own a pair of bunny slippers and so should everyone so say we all)
    I don't know Linux.
    I'm horrible with cell phones.
    Professionally I work with Windows machines and people that have more money than brains.
    I'm bored with my "career".
    I need a good challenge, something to keep me up half the night, and make me feel like a kid again.
    I need a new toy.
    The Device:
    Guest account only accessible. CM Security. PIN. LMY47V. The device freezes, so crashing the lockscreen works; you just can't do anything after because it's frozen/locked up.
    LOCKED.STOCK. (I really want to make a 2 smoking barrels reference but it's tired and I'm late).
    I. Tried. Everything. (that was free...I'm not going to spend money on something I know I can figure out. I'm stubborn.)
    Spent 2 months trying various "things" to no avail. I read a lot. YouTube'd Clockwork Orange style. Hammer away for 2 or 3 nights, hit a roadblock, try to work around the roadblock. Discover more roadblocks. Re-Start from a beginning, follow a path, rinse repeat. 2 months. Weekends. Every night after work.
    Until one night last week...
    Guzzled liquid courage...
    "You can get it back and work it from THAT angle!" I heard Det. Ronald Nathan Harris tell me.
    Det. Harris is my pet Chameleon.
    Ok fine, I was drunk.
    Wiped the device.
    There is/was 6gb of data I couldn't get at.
    Your video is the one...of the several I watched...yours was the video I followed to get the RAW image. Which I keep on a RAID 1 backup, write protected, in a folder called THE MORGUE.
    Now I'm starting to slice up copies of the body in Santoku.
    Playing with my new toy.
    Staying up way too late.
    Watching your videos.
    Trying to figure this all out.
    Like it's 1985 again.
    It's 3:30am
    I'm 44 going on 13.
    thnx

    • @natetolbert3671 3 years ago +1

      Was the money worth it... chasing that damned gopher around all summer? : )

  • @jowb-wf5tg 7 months ago +5

    So how can we do data acquisitions without root, because in real life most people don't use root?

    • @mosopeoduwole2239 3 months ago

      Have you found a response to your question? I am posed with the same issue, collecting an Android's physical image WITHOUT rooting the device. I can't seem to find any answers.

  • @natetolbert3671 3 years ago +4

    for Ubuntu 20.04 -- just run:
    sudo apt install adb
    dependencies are automatically taken care of...

    • @dragonzed months ago

      Same thing in Debian Bookworm :)

  • @Pedro-lt1cu 6 years ago +4

    Did you ever have the chance to make the follow-up video? This one helped me a lot with a project.

  • @cesargomis9764 7 years ago +1

    Thanks guy, these are very useful tricks, I really appreciate it.

  • @Benedict00_ItchyManko 3 years ago +2

    Can you do this without BusyBox? The BusyBox won't install on my phone for some reason

  • @delforparedes3905 6 years ago

    Wow, your videos are very awesome, very interesting and so easy to learn :) Thanks for sharing it and have a great day. :)

    • @DFIRScience 6 years ago

      Thanks! I appreciate it.

  • @paulofegueredo 4 years ago

    Thanks very much for the video. I tried to acquire via SD card and it was very fast, but the way shown in the video, the speed was very slow, about 6 bytes/sec. Do you know what could be happening?

  • @ahsan-li7sh 7 years ago +2

    very useful video

  • @dannymchenry996 4 years ago +1

    Hey, thanks for this video, it helped me a lot with my final year project at university. My project was an Android mobile forensics project. I am just wondering, will this work for a newer version of Android such as 6.0 Marshmallow? I want to try the experiment again, only with a newer phone.
    Thank you

    • @atesone76 3 years ago

      nope

    • @mdy5real 2 years ago

      Hey! It does work if the device is rooted. I used an LG phone with Android 6.0 installed on it and it worked just a few days ago.

    • @mahmudamoon7191 2 years ago

      Hello there! Glad to hear your project is also about Android forensics. Could you do me a favor? If you have already completed your project, can you give it to me to study?

  • @odn7769 3 years ago +1

    My phone gets stuck after I type in the PIN, so I really can't use any program using the UI of the phone. Really looking forward to a solution to recover my data using only the terminal. Does anybody have suggestions for me?

  • @ELLOHx3 4 years ago +6

    Is there any tool to analyze the .dd image after acquisition? I tried an open source tool, Autopsy, which couldn't parse it.

    • @d_o_o_m_e_d5939 3 years ago +1

      Maybe you can mount the image file? I have done this before with Windows and Linux; idk if it can be done with Android.

    • @d_o_o_m_e_d5939 3 years ago

      MaXXiMuMTroLleRs Autopsy never really worked for me, so I have lots of open source tools from git and it is a lot better.

    • @ELLOHx3 3 years ago

      @d_o_o_m_e_d5939 Can you list some of these open source tools that worked for you?

    • @d_o_o_m_e_d5939 3 years ago

      Elloh Sitsofe, they are mostly for Windows forensics, like SRUM parser or MFT analyzer etc., but if you want I can list them.

  • @djnikx1 last year

    👍Cheers buddy, but for something like that [forensic] I'd prefer Santoku. Less f***** around.

  • @Comrade.Archer 3 years ago +1

    Have u any ideas how to get root on Android 6.0 or higher? Today, obtaining root on versions of Android higher than 6 is very risky. Is there a way to get it officially/legally?

    • @DFIRScience 3 years ago

      Have you looked into Magisk? www.howtogeek.com/312404/how-to-root-your-android-phone-with-magisk/

    • @Comrade.Archer 3 years ago

      @DFIRScience Thanks for the answer. I know what is possible with the help of Magisk, but recently I realized that this may not always work: recently they brought me a Samsung A50 phone and I almost turned it into a non-working stone. In addition, after such an action on such phones, the warranty and so on may disappear.

    • @DFIRScience 3 years ago

      If you are rooting for forensics, your best option is to buy a forensic acquisition tool. It's expensive but pretty reliable. Other methods are more difficult, and it's hard to get consistent results, unfortunately.

    • @Comrade.Archer 3 years ago

      @DFIRScience OK, thanks for the answer and ur videos. And what forensic acquisition tool can you offer to buy?

    • @AakashKumar6868-kyc 3 years ago

      @Comrade.Archer Did u get any result from ur phone? I have the same model, and on it I'm only able to access recovery boot mode.

  • @ramenx3034 6 years ago

    What screen recorder are u using?

    • @DFIRScience 6 years ago +1

      My main system is Linux. I use Vokoscreen for recording and Audacity and Shotcut for Audio and Video editing.
      Vokoscreen: github.com/vkohaupt/vokoscreen
      Shotcut: th-cam.com/video/SSKcND0YBpU/w-d-xo.html www.shotcut.org/
      Audacity: www.audacityteam.org/

  • @danridge5422 2 years ago

    Hey, does this still work? Currently learning new tools and just wondering whether this would still be the best way?
    Thanks

    • @DFIRScience 2 years ago

      If you can get root access, yes. However, if you are comfortable with Linux, check out android_triage: th-cam.com/video/jRRH2YWSnhE/w-d-xo.html

    • @danridge5422 2 years ago +1

      @DFIRScience Yeah, absolutely love Linux, but I'm using VirtualBox to run it and it has issues converting Android to a dd, unfortunately. Thanks, I will have a look now; if it comes to it I'll just run Linux on my 2nd hard drive and dual boot.

    • @bugsqli9301 3 months ago

      How to root Infinix Note 11

  • @fikriali4864 5 years ago

    Can I recover Android phone data using Linux? Cus I have a problem with my brother's phone: he passed away 2 months ago and his phone is locked with a fingerprint. My parents want me to unlock the phone cus they want to see my brother's data, and then I tried to unlock the phone but ended up formatting it, lol.

    • @michaeledwards3736 3 years ago

      Try using Google or iTunes to remotely reset the password? If you get into his Google account (for Android) you might be able to change the screen lock, depending on what settings he had.

    • @michaeledwards3736 3 years ago

      But also, there are many different methods using hacking tools and OTG cables and whatnot. I believe if the phone automatically connects to a network that you have access to, it might make it easier; you might be able to contact the phone company, the service provider... In my experience account recovery is easier while the phone number still works.

    • @michaeledwards3736 3 years ago

      Or there's always the option of paying someone to recover the data

    • @michaeledwards3736 3 years ago

      Typically phones have backup passwords in case the fingerprint reader fails; you may be able to guess the password or use a brute force attack... I do believe these days that it may not even be possible to access someone's phone if they have a secure password and all the right security settings... The federal government was unable to access the terrorist's iPhone from California; the gov tried to force Apple to create a backdoor and they lost in court.

  • @GreenGuyDIY 3 years ago

    You repeat toooooo much