Android Physical Extraction - FAQ


Nadav Horesh
June, 2012

Table of Contents

Introduction
Android Debugging Bridge (ADB)
  Q: What does ADB stand for and how does it work?
  Q: So can ADB be used to extract any Android device? What's the catch?
  Q: How do I turn on USB debugging?
  Q: Does this method bypass the unlock password or pattern? Will I be able to reveal it?
  Q: How do I get Administrator (root) permissions on the device?
  Q: I turned on USB debugging. What extraction types can I perform?
  Q: Does this extraction method change any of the data on the device?
  Q: Can you summarize this entire ADB topic in one sentence?
Boot Loader Extraction
  Q: What is Boot loader extraction?
  Q: Does this method bypass the unlock password or pattern? Will I be able to reveal it?
  Q: Does this extraction method change any of the data on the device?
  Q: Which devices are supported by this method?
Technical Terms

Introduction

There are many different devices running the Android OS: phones, MP3 players, tablets, eBook readers and more. There are two main approaches when it comes to extracting Android devices:

- The ADB (USB debugging) method, which utilizes a built-in protocol within the operating system
- Several other methods in which the extraction takes place before the operating system has started running

This document covers the pros and cons of each method and tries to answer frequently asked questions.

Android Debugging Bridge (ADB)

Q: What does ADB stand for and how does it work?
A: ADB, or Android Debugging Bridge, is a built-in protocol within the Android operating system. This means that basically every Android-based device should have this protocol. This protocol enables developers to connect to an Android-based device and perform low-level commands used for development. We utilize this protocol to perform an extraction of Android devices.

Q: So can ADB be used to extract any Android device? What's the catch?
A: Yes and no. In theory, every Android device can be extracted using ADB. However, there are some limitations: the USB debugging option must be enabled on the device, and we need to get administrator (root) permissions on it.

Q: How do I turn on USB debugging?
A: On most Android devices, do the following: go to Menu -> Settings -> Applications -> Development and then click USB debugging to enable ADB.

Q: Does this method bypass the unlock password or pattern? Will I be able to reveal it?
A: As explained above, USB debugging must be turned on before it's possible to attempt an extraction, and this cannot be done when the device is locked. However, in some cases the user could have turned on USB debugging before locking the device. In this case you will be able to bypass the screen lock. If you successfully perform an extraction, you will be able to see the numeric password or pattern lock protecting the device in the Physical Analyzer.

Q: How do I get Administrator (root) permissions on the device?
A: After ADB is turned on, the UFED will automatically detect the Android OS version running on the connected device and whether it is rooted or not. If the device is not rooted, the UFED will gain root permissions automatically. This is currently supported for all available Android OS versions (1.5-4.0.x). It is possible to manually root the device using 3rd party tools, but this is not recommended as it may harm the integrity of the data on the device, potentially even bricking it.

Q: I turned on USB debugging. What extraction types can I perform?
A: You can currently perform either a Physical Extraction, which will extract all the data on the device, or a File System Extraction, which will extract only relevant files. The advantage of a Physical Extraction is that it retrieves more data from the device, making it possible to recover deleted files such as photos that were saved on the device. The downside is that it takes more time, and that File System reconstruction is not supported for all devices. If you choose to do a File System Extraction, you will save time and will still be able to view all vital information including deleted records (but excluding deleted files), even if File System reconstruction is not supported.

Q: Does this extraction method change any of the data on the device?
A: A few clients are copied to the device into the /data/local/tmp folder. Besides that, nothing is changed.

Q: Can you summarize this entire ADB topic in one sentence?
A: Sure. It is possible to perform a physical or file system extraction on almost any Android device, provided that it's not locked (or USB debugging was previously enabled). All currently available Android OS versions are supported (1.5-4.0.x).

Boot Loader Extraction

Q: What is Boot loader extraction?
A: This method performs a physical extraction of the device when it's in Boot Loader mode. Many Android devices can be turned on in special modes, used for debugging or for firmware upgrade. In this extraction method the Android OS is not running, so the device can't connect to the mobile network.

Q: Does this method bypass the unlock password or pattern? Will I be able to reveal it?
A: Yes, you will be able to bypass any type of lock, and will be able to reveal a numeric PIN lock or unlock pattern.

Q: Does this extraction method change any of the data on the device?
A: No, this method is completely forensically sound.

Q: Which devices are supported by this method?
A: Currently supported devices are most Motorola Android devices, selected Samsung Android devices, selected Qualcomm devices and selected LG GSM and CDMA.

Technical Terms

Android - Google's mobile OS. You can find a list of Android devices here: http://en.wikipedia.org/wiki/list_of_android_devices. Another very helpful resource is http://pdadb.net

Brick - A device that cannot function in any capacity (such as a device with damaged firmware). (http://en.wikipedia.org/wiki/brick_%28electronics%29)

Client - A program written by Cellebrite that runs on the Android OS itself.

Root/rooting - A process that allows users of cell phones and other devices running the Android operating system to attain privileged control (known as "root access") within Android's Linux subsystem, similar to jailbreaking on Apple devices running the iOS operating system, overcoming limitations that the carriers and manufacturers put on such phones. (http://en.wikipedia.org/wiki/rooting_%28android_os%29)
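
An added example, not part of the original FAQ or of Cellebrite's tooling: when validating an ADB-based tool on a test device, an examiner can document the /data/local/tmp footprint described in the ADB section by comparing a directory listing taken before and after the extraction. The listings are constructed in the style of `ls -l` output over ADB, and the names client_a and client_b are placeholders, since the FAQ does not name the client files.

```python
import re

# Constructed sample listings of /data/local/tmp (mode, owner, group,
# size, date, time, name). File names are placeholders, not real artifacts.
BEFORE = """\
-rw-r--r-- shell    shell        2048 2012-05-30 09:12 notes.txt
"""
AFTER = """\
-rw-r--r-- shell    shell        2048 2012-05-30 09:12 notes.txt
-rwxr-xr-x shell    shell      181344 2012-06-14 10:03 client_a
-rwxr-xr-x shell    shell       65212 2012-06-14 10:03 client_b
"""

# The size column is optional because directory lines omit it.
LINE = re.compile(
    r"^(?P<mode>[-dlcbps][-rwxsStT]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<size>\d+)?\s*(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<time>\d{2}:\d{2})\s+(?P<name>.+)$"
)


def parse_listing(text):
    """Map file name -> (mode, size, 'date time') for each parsable line."""
    entries = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything that is not an entry
        stamp = f"{m['date']} {m['time']}"
        entries[m["name"]] = (m["mode"], int(m["size"] or 0), stamp)
    return entries


def footprint(before, after):
    """Return the names added, removed or modified between two listings."""
    b, a = parse_listing(before), parse_listing(after)
    return {
        "added": sorted(a.keys() - b.keys()),
        "removed": sorted(b.keys() - a.keys()),
        "modified": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


if __name__ == "__main__":
    # Record this output in the examination notes alongside the extraction.
    for kind, names in footprint(BEFORE, AFTER).items():
        print(f"{kind}: {names}")
```
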