±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 36489
New Yesterday: 5 Visitors: 207

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Android imaging

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

afsfr
Member
 

Android imaging

Post Posted: Dec 12, 19 05:34

I try to use ftk imager downloaded from AccessData, but it can't do physical image for android phone, there is no menu item. so how can ftk get android image whithout rooting or we have to use encase  
 
  

gorvq7222
Senior Member
 

Re: Android imaging

Post Posted: Dec 25, 19 00:05

Frankly speaking you could not count on FTK or EnCase to do physical extraction from a smartphone. If the phone is rooted, that would be easier. If not, you could take professional mobile forensic tools into consideration, such as Oxygen, XRY, Cellebrite 4PC...etc.  
 
  

Igor_Michailov
Senior Member
 

Re: Android imaging

Post Posted: Dec 25, 19 05:40

- afsfr
I try to use ftk imager downloaded from AccessData, but it can't do physical image for android phone, there is no menu item. so how can ftk get android image whithout rooting or we have to use encase



_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 
 
  

Igor_Michailov
Senior Member
 

Re: Android imaging

Post Posted: Dec 25, 19 05:43

Try to use Belkasoft Acquisition Tool (https://belkasoft.com/get).

Belkasoft Acquisition Tool is good free tool for creating images from android and ios devices.
_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 
 
  

UnallocatedClusters
Senior Member
 

Re: Android imaging

Post Posted: Dec 25, 19 22:48

Please refer to page 66 of the DEFT Linux manual: paper.bobylive.com/Sys...-deft7.pdf

Imaging a rooted Android phone can be accomplished using the Android Debugging Bridge (ADB) by basically opening a Terminal Window and using a DD equivalent copy command to a locally installed SD card.

You are correct that it is generally impossible to have a rooted Android phone internal memory storage be recognized as logical or physical drive connected to a Windows PC and thus directly imageable by a tool like FTK Imager.

I was able to get a rooted Windows phone recognized by FTK Imager and was successfully able to create an E01 image file using FTK Imager I believe due to file formatting.

So basically Android memory storage file format is not FAT/ExFAT/NTFS format and thus cannot be seen by FTK Imager.

The differences in file formatting between Android OS and Windows OS is why one has to basically open a terminal window on the Android phone connected to the Windows PC over the Android Debugging Bridge to create a data dump DD image of the Android phones internal memory to an appropriately formatted internal to the Android phone SD card.  
 

Page 1 of 1