Android Forensics: Tools and Techniques

The document provides an overview of Android forensics, emphasizing the importance of understanding the Android operating system and its various versions. It discusses tools like the Android Debugging Bridge (ADB) and the process of rooting Android devices for forensic examinations. Additionally, it covers the steps to enable developer mode and the significance of specialized key codes for diagnostics and forensics.

Uploaded by whittykrish19

Android Forensics

Presented by
[Link]
Assistant Professor
Department of Computer Science & Engineering
SETHU INSTITUTE OF TECHNOLOGY
Reference Book: Chuck Easttom, “An In-depth Guide to Mobile Device Forensics”, First
Edition, CRC Press, 2022.

Department of CSE, SIT 3/8/2020


Android OS
• Android has a large percentage of the mobile device
market, making it important for understanding mobile
forensics.
• This knowledge must include the fundamentals of
Android, including the history of the operating
system.
• But it also includes more detailed information such as
the various file systems and the system architecture.
• Furthermore, there are various tools for working with
Android including Android Debugging Bridge
(ADB).



ANDROID BASICS
Android is a very common operating system. It is obviously
found on Android phones, but it is also found in smart TVs,
automobiles, and some IoT devices.
It is clearly quite important to understand the Android operating
system in some depth.
The Android operating system is a Linux-based operating system,
and it is completely open source. If you have a programming and
operating systems background, you may find it useful to examine
the Android source code from [Link]
Android was first released in 2003 and is the creation of Rich
Miner, Andy Rubin, and Nick Sears.
The versions of Android have been named after sweets:

ANDROID VERSIONS
• 2.0 Eclair
• 2.3 Gingerbread
• 4.0 Ice Cream Sandwich
• 6.0 Marshmallow
• 7.0 – 7.1: Nougat
• 8.0 – 8.1: Oreo
• 9.0 Pie

SPECIALIZED KEY CODES
There are a number of keycodes that can be entered on an
Android phone to get useful information from the phone.
Some of these codes work with all Android models, others
are specific to particular models. These are useful in
diagnostics as well as forensics.

WORKING WITH ANDROID
Whether you are attempting diagnostics, performing a
forensic exam, or testing an Android app in development,
you will find the Android Debugging Bridge (ADB) to be
useful.
To extract data from an Android phone or tablet, it must be
in developer mode.
How you get there has changed across versions; where to
access developer mode is given here (note that some
models might have slightly different steps).
Also note that even if you are not using ADB, phone
forensics tools require you to place the phone in developer
mode to use the forensic software.



WORKING WITH ANDROID
Go to Settings > General > About and tap the Build number 7 times.
After tapping the Build number 7 times, you will see the message
“You are now a developer!”
Return to the main Settings menu, where you will now see
Developer options.
Tap Developer options and check the box in front of USB
Debugging to enable it.
To disable USB Debugging mode later, uncheck the same box.
To enable Developer options, go to Settings > Developer options
and tap the ON/OFF slider at the top of the page.



ADB
You can download this free tool from
[Link]
The Android Debugging Bridge has three components:
• A client, which sends commands. The client runs on the
development machine. The investigator can invoke a client
from a command-line terminal by issuing an adb command.
• A daemon (adbd), which runs commands on a device. The
daemon runs as a background process on each device.
• A server, which manages communication between the client and
the daemon. The server runs as a background process on your
development machine.
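
The client/server/daemon split above is visible in `adb devices -l`: the client asks the server, and the server reports the state of each device daemon it can reach. The following is an added example, not part of the original slides, that parses that output so an examiner can record whether each device is actually authorized for USB debugging; the sample output, serial numbers and model names are constructed.

```python
import subprocess

# Constructed sample of `adb devices -l` output (serials and models are made up).
SAMPLE = """\
List of devices attached
0123456789ABCDEF       device usb:1-2 product:sample model:Sample_Phone device:sample transport_id:1
FEDCBA9876543210       unauthorized usb:1-3 transport_id:2
emulator-5554          offline transport_id:3
"""

# What each state reported by the adb server means for the examiner.
STATE_NOTES = {
    "device": "adbd reachable and this workstation is authorized",
    "unauthorized": "USB debugging is on, but the prompt on the phone was not accepted",
    "offline": "adbd is not responding to the server",
    "no permissions": "the workstation OS denies access to the USB device",
}

def parse_adb_devices(text):
    """Return one record per device known to the adb server."""
    devices = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("List of devices", "*")):
            continue  # header, blank line, or "* daemon started" notices
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        serial, rest = parts
        if rest.startswith("no permissions"):
            state, attrs = "no permissions", {}  # the only two-word state
        else:
            tokens = rest.split()
            state = tokens[0]
            attrs = dict(t.split(":", 1) for t in tokens[1:] if ":" in t)
        devices.append({
            "serial": serial, "state": state, "model": attrs.get("model"),
            "ready": state == "device",
            "note": STATE_NOTES.get(state, "other state, check manually"),
        })
    return devices

def list_devices():
    """Client call: ask the local adb server which daemons it can see."""
    out = subprocess.run(["adb", "devices", "-l"],
                         capture_output=True, text=True, check=True)
    return parse_adb_devices(out.stdout)

if __name__ == "__main__":
    for dev in parse_adb_devices(SAMPLE):
        print(dev["serial"], dev["state"], "-", dev["note"])
```

`list_devices()` needs `adb` on the PATH and a running server; `parse_adb_devices()` works on saved output, so the state at the time of seizure can be kept with the case notes.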



ROOTING ANDROID
Unfortunately, there is some data one cannot get to
without rooting the Android phone. The term root is the
Linux term for the administrator.
In Linux, you simply type su (super user or switch user)
and enter the root password.
However, Android phones don’t allow you to do that.
Rooting a phone gives you complete root access to all
aspects of the phone.
However, that will also void any warranty.



ROOTING ANDROID
In the past, rooting was not terribly difficult. There were
even apps one could get that would root the phone for
you. Most of these apps do not work on current models
of Android.
However, there are some methods that might work,
depending on a number of variables. For example, the
model you have, the version of Android, etc. will affect
whether or not you will be successful.
It is important to keep in mind that these are simply
possible techniques. There is no guaranteed method for
rooting an Android phone.



ROOTING ANDROID
Before you can root a phone it must first be OEM (Original
Equipment Manufacturer) unlocked. And it so happens that
before you can OEM unlock, you must first unlock it from the
carrier.
If your phone has “OEM Unlock” enabled and visible under
developer settings, then you have the option to use ADB
(discussed in the previous section) and move to what is called
fastboot mode. For most phones this is done by using ADB and
typing in adb reboot bootloader.
At that point you can try fastboot oem unlock. If that does not
work, then your model requires you to get an unlock code and
send it to the vendor to get OEM unlock.
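
Before any unlock attempt, the current bootloader and OEM Unlock state can be read over ADB and written into the case notes. The following is an added example, not part of the original slides, that parses `adb shell getprop` output for that purpose and changes nothing on the device. It assumes the device reports the common Android properties named in the code (some vendors omit them), and the sample values are constructed.

```python
import re

# Constructed sample of `adb shell getprop` output (values are made up).
SAMPLE_GETPROP = """\
[ro.product.model]: [Sample Phone]
[ro.build.version.release]: [9]
[ro.build.version.sdk]: [28]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[sys.oem_unlock_allowed]: [0]
[ro.crypto.state]: [encrypted]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict; other lines are ignored."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def unlock_preconditions(props):
    """Summarise bootloader state for the case notes (read-only)."""
    # On many devices an unlock factory-resets user data, so record state first.
    locked = props.get("ro.boot.flash.locked")      # assumed present; vendor-dependent
    allowed = props.get("sys.oem_unlock_allowed")   # assumed present; vendor-dependent
    findings = {
        "model": props.get("ro.product.model", "unknown"),
        "android_release": props.get("ro.build.version.release", "unknown"),
        "bootloader": {"1": "locked", "0": "unlocked"}.get(locked, "unknown"),
        "oem_unlock_toggle": {"1": "enabled", "0": "disabled"}.get(allowed, "unknown"),
        "verified_boot": props.get("ro.boot.verifiedbootstate", "unknown"),
        "storage": props.get("ro.crypto.state", "unknown"),
    }
    if findings["bootloader"] == "unlocked":
        findings["next_step"] = "already unlocked; no unlock command needed"
    elif findings["oem_unlock_toggle"] == "enabled":
        findings["next_step"] = "fastboot oem unlock may be attempted"
    elif findings["oem_unlock_toggle"] == "disabled":
        findings["next_step"] = "OEM Unlock is off in developer settings"
    else:
        findings["next_step"] = "state not reported; check developer settings manually"
    return findings

if __name__ == "__main__":
    for key, value in unlock_preconditions(parse_getprop(SAMPLE_GETPROP)).items():
        print(f"{key}: {value}")
```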
