How to master Android Forensics?


(Burhan Uddin) #1

AFLogical is another methodology that extracts Android devices' information besides adb. Content providers are employed in this method, saving the extracted data onto the device's SD card. Such data contains contacts, call logs, SMS, Multimedia Messaging Service (MMS), MMS parts, and device data.

Open the terminal window within Santoku. Then, type the command "aflogical-ose", where "OSE" abbreviates Open Source Edition.
Next, type the root password. If the password is correct, pressing Enter on your computer's keyboard will pull /sdcard/forensics into ~/aflogical-data/
Pull /sdcard/forensics into ~/aflogical-data/
Select the desired data for extraction before finally pressing "Capture" and then "Ok" to confirm the completion of data extraction.
In order to continue, press Enter on your computer's keyboard.

Now, the location ~/aflogical-data holds the data pulled from the SD card. All the pulled data that is recovered will be saved into that location from the user's device.
To confirm the above, simply open a terminal window and type the following command in it: "cd ~/aflogical-data/" to change the working directory to that location. The next step is to type "ls" to view the created files.
cd ~/aflogical-data/
The following will show:
One can now simply browse any extracted pictures (or files or data). All such files containing contacts, call logs, MMS/SMS, and device data will have an extension of .csv

One may simply read the aforesaid SMS table, showing all SMS.
Note that SQLite databases are the most common means of storing such valuable information or data. Throughout the following lines, I'll mention the file name and the path that stores some evidence.
a. \data\data\\databases contacts2.db is where the phone book mostly resides
We may simply extract such data, for example, by harnessing the "adb pull" command.
adb pull
In general, one may browse SQLite by making use of the Sqliteman utility. A command of "sqliteman" followed by the path where the database resides and then finally the name of database.db.
sqliteman /home/infosec/ContactDB/contacts.db
There are twenty tables within such a database, like _sync_state and calls.
Call history or even other valuable data could simply be obtained by querying a specific table in a database. One can accomplish this through the following command: "select * from calls" for example.
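The post ends with opening the pulled contacts database in Sqliteman and running "select * from calls". The script below is an added example, not part of the post and not AFLogical's or Santoku's code: it does the same examination from Python, opens the copy read-only so the pulled evidence file is never modified, lists the tables (the post mentions _sync_state and calls), and hashes the file before and after as a check. The database it builds is a constructed stand-in for contacts2.db; only the column names (number, date, duration, type) and the type codes 1/2/3 (incoming/outgoing/missed, as in Android's CallLog.Calls constants) are real, the rows are invented.

```python
import hashlib
import sqlite3
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Android CallLog.Calls type codes (real constants); used to label rows.
CALL_TYPES = {1: "incoming", 2: "outgoing", 3: "missed"}


def build_sample_db(path):
    """Constructed stand-in for a pulled contacts2.db: two tables, invented rows."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE _sync_state (_id INTEGER PRIMARY KEY, account_name TEXT)")
    con.execute(
        "CREATE TABLE calls (_id INTEGER PRIMARY KEY, number TEXT, "
        "date INTEGER, duration INTEGER, type INTEGER)"
    )
    con.executemany(
        "INSERT INTO calls (number, date, duration, type) VALUES (?, ?, ?, ?)",
        [
            ("+15550100", 1700000000000, 42, 1),   # constructed: incoming call
            ("+15550199", 1700000360000, 0, 3),    # constructed: missed call
            ("+15550100", 1700001000000, 615, 2),  # constructed: outgoing call
        ],
    )
    con.commit()
    con.close()


def sha256_of(path):
    """Hash of the evidence copy; compare before/after examination."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def open_read_only(db_path):
    """Open via a file: URI with mode=ro so no write can reach the evidence."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)


def list_tables(db_path):
    """Equivalent of browsing the table list in Sqliteman."""
    con = open_read_only(db_path)
    try:
        rows = con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name"
        ).fetchall()
        return [r[0] for r in rows]
    finally:
        con.close()


def query_calls(db_path):
    """The post's 'select * from calls', with the date (ms since epoch) and
    type code decoded into something an examiner can read directly."""
    con = open_read_only(db_path)
    con.row_factory = sqlite3.Row
    try:
        rows = con.execute(
            "SELECT _id, number, date, duration, type FROM calls ORDER BY date"
        ).fetchall()
    finally:
        con.close()
    result = []
    for r in rows:
        result.append({
            "id": r["_id"],
            "number": r["number"],
            "date_utc": datetime.fromtimestamp(r["date"] / 1000, tz=timezone.utc).isoformat(),
            "duration_s": r["duration"],
            "type": CALL_TYPES.get(r["type"], f"unknown({r['type']})"),
        })
    return result


def examine(db_path):
    """Full pass: hash, list tables, pull the call log, re-hash."""
    before = sha256_of(db_path)
    tables = list_tables(db_path)
    calls = query_calls(db_path)
    after = sha256_of(db_path)
    return {"tables": tables, "calls": calls, "hash_unchanged": before == after}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        db = Path(d) / "contacts2.db"
        build_sample_db(db)
        report = examine(db)
        print("tables:", report["tables"])
        for c in report["calls"]:
            print(c)
        print("evidence hash unchanged:", report["hash_unchanged"])
```

Point open_read_only at a real pulled copy (for example ~/aflogical-data/ or the path given to sqliteman above) and the same functions apply; the mode=ro URI refuses writes even if a query is mistyped, which is the property you want when working on an evidence copy.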