[Linux] Android Acquisition using ADB, root, netcat and DD

Views: 35,473

DFIRScience

Days ago

Comments: 46
@jowb-wf5tg 1 year ago
So how can we do data acquisitions without root? Because in real life most people don't use root.
@mosopeoduwole2239 9 months ago
Have you found a response to your question? I am posed with the same issue, collecting an Android's physical image WITHOUT rooting the device. I can't seem to find any answers.
@krisolson6515 2 months ago
@mosopeoduwole2239 same here, I'm curious to plug in and explore or edit my file tree!
@natetolbert3671 3 years ago
for Ubuntu 20.04 -- just run:
sudo apt install adb
dependencies are automatically taken care of...
@dragonzed 7 months ago
Same thing in Debian Bookworm :)
@___its_____gareeb 5 months ago
@dragonzed yes, I use Debian 12, same command
@woolfy02 4 years ago
Thank you for the tutorial. Hope to be able to use this on my old Android phone to get the pictures off it.
@Benedict00_MankoMuncher 3 years ago
Can you do this without BusyBox? BusyBox won't install on my phone for some reason.
@Pedro-lt1cu 7 years ago
Did you ever have the chance to make the follow-up video? This one helped me a lot with a project.
@realultimategeeks4194 7 years ago
I'm a N00b but haven't had this much fun with computers since I bought a Commodore64 in 1985 with money I saved being a caddy all summer..when I was 12. I feel like a kid again. It's great! Since I'm "the computer guy" people give me old electronics all the time and the pile of mystery cellphones has been getting shuffled around long enough. "The Price is Right" hole punch game style I reached into the box and got... e960
"OK," I told myself, "don't lose any of the data, try to be as kid-gloves / hands off as possible. No network access. Bluetooth and USB only. Keep the device 'as is' and only use Linux." The self-imposed rules were 1985. No internet. Just a box and what was on it. I could download software onto the computer because that is like going to the store to buy more software. I could read stuff and watch videos because that's like going to the library. Stranger Things / Goonies / Real Genius style. (I do own a pair of bunny slippers and so should everyone so say we all)
I don't know Linux. I'm horrible with cell phones. Professionally I work with Windows machines and people that have more money than brains. I'm bored with my "career". I need a good challenge, something to keep me up half the night, and make me feel like a kid again. I need a new toy.
The Device: Guest account only accessible. CM Security. PIN. LMY47V The device freezes so crashing the lockscreen works you just can't do anything after because it's frozen/locked up. LOCKED.STOCK. (I really want to make a 2 smoking barrels reference but it's tired and I'm late).
I. Tried. Everything. (that was free...I'm not going to spend money on something I know I can figure out. I'm stubborn.) Spent 2 months trying various "things" to no avail. I read a lot. KZbin'd Clockwork Orange style. Hammer away for 2 or 3 nights, hit a roadblock, try to work around the roadblock. Discover more roadblocks. Re-Start from a beginning, follow a path, rinse repeat. 2 months. Weekends. Every night after work.
Until one night last week... Guzzled liquid courage... "You can get it back and work it from THAT angle!" I heard Det. Ronald Nathan Harris tell me. Det. Harris is my pet Chameleon. Ok fine, I was drunk. Wiped the device. There is/was 6gb of data I couldn't get at.
Your video is the one...of the several I watched...yours was the video I followed to get the RAW image. Which I keep on a RAID 1 backup, write protected, in a folder called THE MORGUE. Now I'm starting to slice up copies of the body in Santoku. Playing with my new toy. Staying up way too late. Watching your videos. Trying to figure this all out. Like it's 1985 again. It's 3:30am I'm 44 going on 13. thnx
@natetolbert3671 3 years ago
Was the money worth it... chasing that damned gopher around all summer? : )
@livefree4431 4 months ago
Would what you doing now after this time
@ELLOHx3 4 years ago
Is there any tool to analyze the .dd image after acquisition? I tried an open source tool, Autopsy, which couldn't parse it.
@d_o_o_m_e_d5939 4 years ago
Maybe you can mount the image file? I have done this before with Windows and Linux, idk if it can with Android.
@d_o_o_m_e_d5939 4 years ago
MaXXiMuMTroLleRs Autopsy never really worked for me, so I have lots of open source tools from git and it is a lot better.
@ELLOHx3 4 years ago
@d_o_o_m_e_d5939 can you list some of these open source tools that worked for you?
@d_o_o_m_e_d5939 4 years ago
Elloh Sitsofe, they are mostly for Windows forensics, like SRUM parser or MFT analyzer etc., but if you want I can list them.
@odn7769 3 years ago
My phone gets stuck after I type in the PIN. So I really can't use any program using the UI of the phone. Really looking forward to a solution to recover my data only using the terminal. Anybody have suggestions for me?
@paulofegueredo 4 years ago
Thanks very much for the video. I tried to acquire via SD card and it was very fast, but with the method in the video the speed was very slow, about 6 bytes/sec. Do you know what could be happening?
@cesargomis9764 7 years ago
Thanks guy, these are very useful tricks, I really appreciate it.
@Comrade.Archer 4 years ago
Do you have any ideas how to get root on Android 6.0 or higher? Today, obtaining root at higher versions of Android 6 is very risky. Is there a way to get it officially/legally?
@DFIRScience 4 years ago
Have you looked into Magisk? www.howtogeek.com/312404/how-to-root-your-android-phone-with-magisk/
@Comrade.Archer 4 years ago
@DFIRScience Thanks for the answer. I know what is possible with the help of Magisk, but recently I realized that this may not always work: recently they brought me a phone of the Samsung A50 model and I almost turned it into a non-working stone. In addition, after such action in such phones, the warranty and so on may disappear.
@DFIRScience 4 years ago
If you are rooting for forensics, your best option is to buy a forensic acquisition tool. It's expensive but pretty reliable. Other methods are more difficult, and it's hard to get consistent results, unfortunately.
@Comrade.Archer 4 years ago
@DFIRScience OK, thanks for the answer and your videos; and which forensic acquisition tool can you recommend buying?
@AakashKumar6868-kyc 4 years ago
@Comrade.Archer Did you get any result from your phone? I have the same model; on it I'm only able to access recovery boot mode.
@ahsan-li7sh 7 years ago
Very useful video
@delforparedes3905 7 years ago
Wow, your videos are very awesome, very interesting and so easy to learn :) Thanks for sharing it and have a great day. :)
@DFIRScience 6 years ago
Thanks! I appreciate it.
@dannymchenry996 5 years ago
Hey, thanks for this video, it helped me a lot with my final year project at university. My project was an Android mobile forensics project. I am just wondering, will this work for a newer version of Android such as 6.0 Marshmallow? I want to try the experiment again, only with a newer phone. Thank you
@atesone76 3 years ago
nope
@mdy5real 3 years ago
Hey! It does work if the device is rooted. I used an LG phone with Android 6.0 installed on it and it worked just a few days ago.
@mahmudamoon7191 2 years ago
Hello there! Glad to hear your project is also about Android forensics. Could you do me a favor? If you have already completed your project, can you give it to me to study?
@danridge5422 2 years ago
Hey, does this still work? Currently learning new tools and just wondering whether this still would be the best way? Thanks
@DFIRScience 2 years ago
If you can get root access, yes. However, if you are comfortable with Linux, check out android_triage: kzbin.info/www/bejne/oIO1eWWPjLihnqc
@danridge5422 2 years ago
@DFIRScience Yeah, absolutely love Linux but using a VirtualBox to run it and has issues converting Android to a dd unfortunately. Thanks, I will have a look now, if it comes to it I'll just run Linux on my 2nd hard drive and dual boot.
@bugsqli9301 9 months ago
How to root Infinix Note 11?
@fikriali4864 5 years ago
Can I recover Android phone data using Linux? Because I have a problem with my brother's phone, he passed away 2 months ago and his phone is locked with fingerprint. My parents want me to unlock the phone because they want to see my brother's data, and then I tried to unlock the phone but ended up formatting it, lol.
@michaeledwards3736 3 years ago
Try using Google or iTunes to remotely reset the password? If you get into his Google account (for Android) you might be able to change the screen lock depending on what settings he had.
@michaeledwards3736 3 years ago
But also, there are many different methods using hacking tools and OTG cables and whatnot, I believe if the phone automatically connects to a network that you have access to, it might make it easier, you might be able to contact the phone company, the service provider... In my experience account recovery is easier while the phone number still works.
@michaeledwards3736 3 years ago
Or there's always the option of paying someone to recover the data.
@michaeledwards3736 3 years ago
Typically phones have backup passwords in case the fingerprint reader fails, you may be able to guess the password or use a brute force attack... I do believe these days that it may not even be possible to access someone's phone if they have a secure password and all the right security settings... the federal government was unable to access the terrorist's iPhone from California, the gov tried to force Apple to create a backdoor and they lost in court.
@ramenx3034 6 years ago
What screen recorder are you using?
@DFIRScience 6 years ago
My main system is Linux. I use Vokoscreen for recording and Audacity and Shotcut for audio and video editing.
Vokoscreen: github.com/vkohaupt/vokoscreen
Shotcut: kzbin.info/www/bejne/iYSulIF6Zb51prc www.shotcut.org/
Audacity: www.audacityteam.org/
@djnikx1 2 years ago
👍Cheers buddy, but for something like that [forensic] I'd prefer Santoku. Less f***** around.
@GreenGuyDIY 3 years ago
You repeat toooooo much