using adb to extract android


Posted: Sun Mar 09, 2014 6:58 am

Hi all, I am trying to use adb.exe to pull info from Android.

Does anyone know how I can tell it to extract all the folders or some folder?
Also, does anyone know if it can be used to extract deleted items?

Thanks in advance for all the answers.

justtesting
Member
 
 
  

Re: using adb to extract android

Posted: Sun Mar 09, 2014 8:09 am

ADB will provide you a "bridge" (ergo the name) to access the phone content; it will not extract data.
The ADB daemon or server on the phone runs when it is enabled (debug/dev mode), and is built into Android.

Since the daemon is not running as root by default, you will only have access to regular files, no slack or deleted information. If you root the device, you will get all allocated, file system data - still no deleted information.  

jhup
Senior Member
 
 
  

Re: using adb to extract android

Posted: Sun Mar 09, 2014 9:59 am

jhup wrote:
> ADB will provide you a "bridge" (ergo the name) to access the phone content; it will not extract data.
> The ADB daemon or server on the phone runs when it is enabled (debug/dev mode), and is built into Android.
>
> Since the daemon is not running as root by default, you will only have access to regular files, no slack or deleted information. If you root the device, you will get all allocated, file system data - still no deleted information.

Thank you.

justtesting
Member
 
 
  

Re: using adb to extract android

Posted: Mon Mar 10, 2014 2:30 am

justtesting wrote:
> jhup wrote:
>> ADB will provide you a "bridge" (ergo the name) to access the phone content; it will not extract data.
>> The ADB daemon or server on the phone runs when it is enabled (debug/dev mode), and is built into Android.
>>
>> Since the daemon is not running as root by default, you will only have access to regular files, no slack or deleted information. If you root the device, you will get all allocated, file system data - still no deleted information.
>
> Thank you.

That's not entirely true, you can also, for example, fastboot into a rooted environment (like booting a computer from a live CD) and use ADB to pull an entire physical image (providing that the device is S-OFF). For a great list of Android forensic methods, check out:
viaforensics.com/resou.../#fastboot  

joe_t
Member
 
 
  

Re: using adb to extract android

Posted: Mon Mar 10, 2014 6:59 am

How do you pull data from a device instance to dev. machine without knowing the file/directory names? shell requires at least one other tool on the device from /system/bin/.

Those are the two other commands I am aware of that may be able to get some data - but both require something that was not mentioned in the original post.

How can ADB, and ADB alone, "pull an entire physical image"? I would love to learn it.  

jhup
Senior Member
 
 
  

Re: using adb to extract android

Posted: Tue Mar 11, 2014 3:32 am

jhup wrote:
> How can ADB, and ADB alone, "pull an entire physical image"? I would love to learn it.


That is the point. You can use additional binaries like nanddump or busybox etc. to pull an image via ADB, but ADB itself is just the bridge to execute commands either supported by the phone or through external binaries.

Zergling
Member
 
 
  

Re: using adb to extract android

Posted: Tue Mar 11, 2014 4:52 am

I used an alternate recovery to boot an Android to have access to the file systems. You can use ODIN 1.85 and push a recovery in PDA.

What you need is a ROM/recovery for the device you need to examine. I used recoveries based on ClockworkMod (CWM).
The Android phone needs to be set in boot mode (Samsung: vol down + (home) + Power). Connect it to your PC with ODIN running. I used ODIN 1.85 (available on different forums). Click inside ODIN on PDA, locate the ROM file for the phone and start flashing. It should display success in the top bar of ODIN. The Android phone should immediately reboot and you need to press some buttons to push it into recovery mode (e.g. Samsung: vol up + (home) + (Power)).

Now you can connect via adb. There's an adb executable on the net or you can use the Android SDK's adb tool. You need to run it from cmd:
adb devices ; shows connected devices and should show recovery
adb shell ; connects to the shell of Android. The security concept from Google doesn't force you to enter a PIN ;)
With a recovery you can dd the "sdcard" of the Android phone.

Last edited by Bitstorm on Tue Mar 11, 2014 6:08 am; edited 1 time in total

Bitstorm
Member
 
 