Hi,
I have just rooted my first Android (for test purposes) and I was wondering if there is anything or any tools I now use to get a copy of the phone if I so wanted to?
I tried to mount the /data and /system but it failed. When I plugged it into a PC (both Windows 7 and Linux) it didn't do anything (well, it assigned a drive letter to Windows, but could not access anything)
With root access should I be able to take an image of the device as I kind of assumed that is what it was for? The device is swipe locked and it never became an issue rooting it.
I used unrevoked 3 to root it.
Any tips much appreciated. Go easy, its my first Android phone )
Using a decent phone analysis tool such as XRY and Oxygen should work well. Rooting the Android just allows access to the system files which are normally off limits.
Not entirely sure what extra information can be obtained from this but I am assuming the raw files can be obtained (SMS databases etc) and therefore, deleted data can be obtained.
Alternatively, you could JTAG the device (most HTC handsets are supported) and you can obtain an image that way. Although you do not need a rooted handset to do that.
Hi,
I have just rooted my first Android (for test purposes) and I was wondering if there is anything or any tools I now use to get a copy of the phone if I so wanted to?
I tried to mount the /data and /system but it failed. When I plugged it into a PC (both Windows 7 and Linux) it didn't do anything (well, it assigned a drive letter to Windows, but could not access anything)
With root access should I be able to take an image of the device as I kind of assumed that is what it was for? The device is swipe locked and it never became an issue rooting it.
I used unrevoked 3 to root it.
Any tips much appreciated. Go easy, its my first Android phone )
If you can tell us the brand and model of the phone we can help you more.
XRY will extract a lot more data from a rooted device. For instance it will recover a lot of app related data (Gmail, Skype, Ping! chat, Kakaotalk etc.). Also you can do a dump and decode of the file system with XRY physical which will give you access to deleted files and old versions of, say the sms/msm database.
Install dd and netcat, connect the phone to a wireless network and throw the DD output over a netcat pipe to a forensic machine.
Install dd and netcat, connect the phone to a wireless network and throw the DD output over a netcat pipe to a forensic machine.
Exactly this.
Using a decent phone analysis tool such as XRY and Oxygen should work well. Rooting the Android just allows access to the system files which are normally off limits.
Not entirely sure what extra information can be obtained from this but I am assuming the raw files can be obtained (SMS databases etc) and therefore, deleted data can be obtained.
Alternatively, you could JTAG the device (most HTC handsets are supported) and you can obtain an image that way. Although you do not need a rooted handset to do that
===========================================
Hello Logan,
Could you kindly name the list of HTC you did JTAG? When you mentioned HTC handsets, I am wondering which phones specfically you are talking about.
Well, if you have micro SD card, you can simply insert the card into the phone and get the data. Not necessary for wireless tranfer!
Once rooted just plug the handset in and extract it as a HTC Incredible using XRY.
Open the files in XACT, export the data partition and if Robert isn't your mothers brother you can now just pass the files into EnCase for keyword searches.
If you are LE please shoot me over your PNN and I will help you date time stamps. Little busy atm but I'm sure I can help if needed