Forums
Main Category
General (Technical,...
what are the analys...
 
Notifications
Clear all

what are the analysis I can do with Android dd raw image?

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by francesco 12 years ago
6 Posts
4 Users
0 Reactions
1,972 Views
RSS
 indi
(@indi)
Trusted Member
Joined: 12 years ago
Posts: 51
Topic starter 07/10/2014 7:04 pm   [#12219]

Hi all,

I have collected an dd image of all partitions of android device. I recover deleted files like images using salpel on dd.

What other information I can recover from dd image.

What are the opensource tools I can use for.

Here I want to emphasize open source tools or manual analysis.

Hope my question is clear.
Many thanks



   
Quote
 jtingkir
(@jtingkir)
Eminent Member
Joined: 13 years ago
Posts: 21
10/10/2014 9:15 am  

You could try recovering whatsapp dbase. it's in WhatsApp/Database folder is located in your external microSD card.

http//forum.xda-developers.com/showthread.php?t=1583021
http//prophethacker.blogspot.com/2014/05/extractdecrypt-whatsapp-backup-messages.html



   
ReplyQuote
 francesco
(@francesco)
Trusted Member
Joined: 13 years ago
Posts: 79
10/10/2014 3:55 pm  

Autopsy 3.1.0 can read Android images (see thread here).



   
ReplyQuote
 AlexC
(@alexc)
Reputable Member
Joined: 17 years ago
Posts: 301
10/10/2014 6:53 pm  

Autopsy 3.1.0 can read Android images (see thread here).

Was just about to suggest this, instead I'll just second it.



   
ReplyQuote
 indi
(@indi)
Trusted Member
Joined: 12 years ago
Posts: 51
Topic starter 09/11/2014 10:16 am  

Thanks for all answers

You could try recovering whatsapp dbase. it's in WhatsApp/Database folder is located in your external microSD card.

http//forum.xda-developers.com/showthread.php?t=1583021
http//prophethacker.blogspot.com/2014/05/extractdecrypt-whatsapp-backup-messages.html

However in order to use this kind of analysis I need sqlite db files. Now question is

If I do not do logical acquisition, I only have dd image from physical acquisition then How to extract sqlite database files.

Basically I want to know how to interpret dd image as a disk so that it shows me files and folders.

I am doing a mobile forensic university project using opensource tools. In there I would like to show the collected image organized in files and folders apart form hex view.

Could you please some one guide me and help me here.



   
ReplyQuote
 francesco
(@francesco)
Trusted Member
Joined: 13 years ago
Posts: 79
09/11/2014 9:30 pm  

You mean that Autopsy doesn't open those partition images?



   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: