Hi all,
I've chosen to do my third-year Computer Forensics project on Android Forensics. This will involve writing a program that is intended to pull files of interest off an Android device using the Android Debug Bridge (ADB), an Android SDK tool, and open them using SQLite etc.
Are there any issues you recommend I take particular care with? What would you do?
Also, I intend to use C to write my program in. Is this a good choice for this sort of program? I'm not a great programmer and I'm only familiar with Java.
Any advice would be greatly appreciated.
You should look into the application-level security of Android - you might find that it's an infuriatingly secure OS UNLESS the handset has been "rooted".
Don't let that put you off though - it's a fascinating area to research - just be aware that it might weigh more heavily on the research side of things!
Interesting thing to do, but wouldn't this rely on the suspect phone having debug mode enabled? I.e. adb won't connect to the phone without it.
I had a quick google though and found this which looks like a lot of fun.
http//
As others have mentioned, you will not be able to pull any files under /data/data using ADB unless the daemon is running as root on the phone (this only happens on developer phones, rooted phones or in the emulator).
Also, the SQLite databases are a good start but a great deal of information lies outside the databases. In traditional computer forensics, I'd refer to the space as unallocated but the data partitions use YAFFS2 and this term does not seem to apply very well. The YAFFS2 file system is a log-structured file system and, among other very interesting characteristics, it has the potential of producing versioning on files.
You can find some details on my blog at
http//
but much of our R&D is put into training and the book we hope to one day publish. Feel free to contact me if you wish to discuss further…I am working with several students on Android projects.
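
The two constraints raised in the replies above (USB debugging must be enabled, and adbd must run as root to read /data/data), as an added example that is not part of the original thread: a preflight check followed by a pull and a hash manifest that flags SQLite files. The function names and the manifest layout are assumptions of this example; the only adb commands used are `adb get-state`, `adb shell id` and `adb pull`.

```shell
#!/usr/bin/env bash
# Added example: preflight checks before a logical acquisition over ADB.

# Classify adbd's privilege from the output of `adb shell id`.
# uid 0 is root; uid 2000 is the unprivileged Android "shell" user.
adbd_privilege() {
  case "$1" in
    uid=0\(*)    echo root ;;
    uid=2000\(*) echo shell ;;
    *)           echo unknown ;;
  esac
}

# A SQLite 3 database starts with the 16-byte header "SQLite format 3\0".
is_sqlite() {
  [ "$(head -c 15 "$1" 2>/dev/null)" = "SQLite format 3" ]
}

# Hash every acquired file and flag databases: "<sha256>  <kind>  <path>".
write_manifest() {
  find "$1" -type f | sort | while IFS= read -r f; do
    if is_sqlite "$f"; then kind=sqlite; else kind=other; fi
    printf '%s  %s  %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "$kind" "$f"
  done
}

# usage: acquire <remote_path> <local_dir>
acquire() {
  # get-state prints "device" only when debugging is on and authorised.
  [ "$(adb get-state 2>/dev/null)" = "device" ] || {
    echo "no usable device: USB debugging must be enabled" >&2; return 1; }
  priv=$(adbd_privilege "$(adb shell id | tr -d '\r')")
  case "$1" in
    /data/data/*)
      [ "$priv" = root ] || {
        echo "adbd runs as '$priv': cannot read $1 without root" >&2
        return 2; } ;;
  esac
  # The manifest is written beside the output directory, not inside it,
  # so it never hashes itself.
  mkdir -p "$2" && adb pull "$1" "$2" && write_manifest "$2" > "$2.manifest"
}

# Run an acquisition only when called with both arguments.
if [ "$#" -eq 2 ]; then acquire "$1" "$2"; fi
```

Hashing at acquisition time gives a baseline to verify the copies against before any database is opened.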
Hi, I did something similar with my final year project.
Instead of using C or C++, try using C# (C sharp). You do not have to bother with pointers as it will sort out the memory management.


