[Linux] Android Acquisition using ADB, root, netcat and DD

  • Published 4 Dec 2024

COMMENTS • 46

  • @natetolbert3671 3 years ago +4

    for Ubuntu 20.04 -- just run:
    sudo apt install adb
    dependencies are automatically taken care of...

    • @dragonzed 5 months ago

      Same thing in Debian Bookworm :)

    • @___its_____gareeb 4 months ago

      @dragonzed yes I use Debian 12, same command

  • @realultimategeeks4194 7 years ago +5

    I'm a N00b but haven't had this much fun with computers since I bought a Commodore64 in 1985 with money I saved being a caddy all summer..when I was 12. I feel like a kid again. It's great!
    Since I'm "the computer guy" people give me old electronics all the time and the pile of mystery cellphones has been getting shuffled around long enough. "The Price is Right" hole punch game style I reached into the box and got...
    e960
    "OK," I told myself, "don't lose any of the data, try to be as kid-gloves / hands off as possible. No network access. Bluetooth and USB only. Keep the device 'as is' and only use Linux."
    The self-imposed rules were 1985. No internet. Just a box and what was on it. I could download software onto the computer because that is like going to the store to buy more software. I could read stuff and watch videos because that's like going to the library.
    Stranger Things / Goonies / Real Genius style.
    (I do own a pair of bunny slippers and so should everyone so say we all)
    I don't know Linux.
    I'm horrible with cell phones.
    Professionally I work with Windows machines and people that have more money than brains.
    I'm bored with my "career".
    I need a good challenge, something to keep me up half the night, and make me feel like a kid again.
    I need a new toy.
    The Device:
    Guest account only accessible. CM Security. PIN. LMY47V. The device freezes, so crashing the lockscreen works; you just can't do anything after because it's frozen/locked up.
    LOCKED.STOCK. (I really want to make a 2 smoking barrels reference but it's tired and I'm late).
    I. Tried. Everything. (that was free...I'm not going to spend money on something I know I can figure out. I'm stubborn.)
    Spent 2 months trying various "things" to no avail. I read a lot. UA-cam'd Clockwork Orange style. Hammer away for 2 or 3 nights, hit a roadblock, try to work around the roadblock. Discover more roadblocks. Re-Start from a beginning, follow a path, rinse repeat. 2 months. Weekends. Every night after work.
    Until one night last week...
    Guzzled liquid courage...
    "You can get it back and work it from THAT angle!" I heard Det. Ronald Nathan Harris tell me.
    Det. Harris is my pet Chameleon.
    Ok fine, I was drunk.
    Wiped the device.
    There is/was 6gb of data I couldn't get at.
    Your video is the one...of the several I watched...yours was the video I followed to get the RAW image. Which I keep on a RAID 1 backup, write protected, in a folder called THE MORGUE.
    Now I'm starting to slice up copies of the body in Santoku.
    Playing with my new toy.
    Staying up way too late.
    Watching your videos.
    Trying to figure this all out.
    Like it's 1985 again.
    It's 3:30am
    I'm 44 going on 13.
    thnx

    • @natetolbert3671 3 years ago +1

      Was the money worth it... chasing that damned gopher around all summer? : )

    • @livefree4431 2 months ago

      Would what you doing now after this time

  • @woolfy02 4 years ago +1

    Thank you for the tutorial. Hope to be able to use this on my old android phone to get the pictures off it.

  • @Pedro-lt1cu 7 years ago +4

    Did you ever have the chance to make the follow-up video? This one helped me a lot with a project.

  • @jowb-wf5tg 11 months ago +6

    So how can we do data acquisitions without root? Because in real life most people don't use root.

    • @mosopeoduwole2239 7 months ago

      Have you found a response to your question? I am posed with the same issue, collecting an Android's physical image WITHOUT rooting the device. I can't seem to find any answers.

    • @krisolson6515 29 days ago

      ​@mosopeoduwole2239 same here, I'm curious to plug in and explore or edit my file tree!

  • @Benedict00_ItchyManko 3 years ago +2

    Can you do this without BusyBox? The BusyBox won't install on my phone for some reason

  • @ELLOHx3 4 years ago +6

    Is there any tool to analyze the .dd image after acquisition? I tried an open source tool, Autopsy, which couldn't parse it.

    • @d_o_o_m_e_d5939 4 years ago +1

      Maybe you can mount the image file? I have done this before with Windows and Linux, idk if it can with Android

    • @d_o_o_m_e_d5939 4 years ago

      MaXXiMuMTroLleRs Autopsy never really worked for me so I have lots of open source tools from git and it is a lot better

    • @ELLOHx3 4 years ago

      @d_o_o_m_e_d5939 can you list some of these open source tools that worked for you

    • @d_o_o_m_e_d5939 4 years ago

      Elloh Sitsofe they are mostly for Windows forensics like SRUM parser or MFT analyzer etc. but if you want I can list them

  • @odn7769 3 years ago +1

    My phone gets stuck after I type in the PIN. So I really can't use any program using the UI of the phone. Really looking forward to a solution to recover my data using only the terminal. Does anybody have suggestions for me?

  • @cesargomis9764 7 years ago +1

    Thanks guy, it's very useful tricks, I really appreciate it

  • @dannymchenry996 5 years ago +1

    Hey, thanks for this video, it helped me a lot with my final year project at university. My project was an Android mobile forensics project. I am just wondering, will this work for a newer version of Android such as 6.0 Marshmallow? I want to try the experiment again, only with a newer phone.
    Thank you

    • @atesone76 3 years ago

      nope

    • @mdy5real 3 years ago

      Hey! It does work if the device is rooted. I used an LG phone with Android 6.0 installed on it and it worked just a few days ago.

    • @mahmudamoon7191 2 years ago

      Hello there! Glad to hear your project is also about Android forensics. Could you do me a favor? If you have already completed your project, can you give it to me to study?

  • @Comrade.Archer 4 years ago +1

    Have u any ideas how to get root on Android 6.0 or higher? Today, obtaining root on versions of Android higher than 6 is very risky. Is there a way to get it officially/legally?

    • @DFIRScience 4 years ago

      Have you looked into Magisk? www.howtogeek.com/312404/how-to-root-your-android-phone-with-magisk/

    • @Comrade.Archer 4 years ago

      @DFIRScience Thanks for the answer. I know what is possible with the help of Magisk, but recently I realized that this may not always work: recently they brought me a Samsung A50 phone and I almost turned it into a non-working stone. In addition, after such an action on such phones, the warranty and so on may disappear.

    • @DFIRScience 4 years ago

      If you are rooting for forensics, your best option is to buy a forensic acquisition tool. It's expensive but pretty reliable. Other methods are more difficult, and it's hard to get consistent results, unfortunately.

    • @Comrade.Archer 4 years ago

      @DFIRScience Ok, thanks for the answer and ur videos; and what forensic acquisition tool can you suggest to buy?

    • @AakashKumar6868-kyc 4 years ago

      @Comrade.Archer Did u get any result from ur phone? I've the same model, and in that I'm only able to access recovery boot mode.

  • @paulofegueredo 4 years ago

    Thanks very much for the video. I have tried to acquire via SD card and it was very fast, but with the method in the video the speed was very slow, about 6 bytes/sec. Do you know what could be happening?

  • @delforparedes3905 7 years ago

    Wow, your videos are awesome, very interesting and so easy to learn :) Thanks for sharing them and have a great day. :)

  • @ramenx3034 6 years ago

    What screen recorder are u using?

    • @DFIRScience 6 years ago +1

      My main system is Linux. I use Vokoscreen for recording and Audacity and Shotcut for Audio and Video editing.
      Vokoscreen: github.com/vkohaupt/vokoscreen
      Shotcut: ua-cam.com/video/SSKcND0YBpU/v-deo.html www.shotcut.org/
      Audacity: www.audacityteam.org/

  • @ahsan-li7sh 7 years ago +2

    very useful video

  • @danridge5422 2 years ago

    Hey, does this still work? Currently learning new tools and just wondering whether this still would be the best way?
    Thanks

    • @DFIRScience 2 years ago

      If you can get root access, yes. However, if you are comfortable with Linux, check out android_triage: ua-cam.com/video/jRRH2YWSnhE/v-deo.html

    • @danridge5422 2 years ago +1

      @DFIRScience Yeah, absolutely love Linux, but I'm using VirtualBox to run it and it has issues converting Android to a dd, unfortunately. Thanks, I will have a look now; if it comes to it I'll just run Linux on my 2nd hard drive and dual boot.

    • @bugsqli9301 7 months ago

      How to root Infinix Note 11

  • @djnikx1 2 years ago

    👍Cheers buddy, but for something like that [forensic] I'd prefer Santoku. Less f***** around.

  • @fikriali4864 5 years ago

    Can I recover Android phone data using Linux? Cus I have a problem with my brother's phone: he passed away 2 months ago and his phone is locked with a fingerprint. My parents want me to unlock the phone cus they want to see my brother's data, and then I tried to unlock the phone but ended up formatting it, lol.

    • @michaeledwards3736 3 years ago

      Try using Google or iTunes to remotely reset the password? If you get into his Google account (for android) you might be able to change the screen lock depending on what settings he had

    • @michaeledwards3736 3 years ago

      But also, there are many different methods using hacking tools and otg cables and whatnot, I believe if the phone automatically connects to a network that you have access to, it might make it easier, you might be able to contact the phone company the service provider... In my experience account recovery is easier while the phone number still works.

    • @michaeledwards3736 3 years ago

      Or there's always the option of paying someone to recover the data

    • @michaeledwards3736 3 years ago

      Typically phones have backup passwords in case the fingerprint reader fails, you may be able to guess the password or use a brute force attack... I do believe these days that it may not even be possible to access someone's phone if they have a secure password and all the right security settings... the federal government was unable to access the terrorist's iPhone from California, the gov tried to force Apple to create a backdoor and they lost in court.

  • @GreenGuyDIY 3 years ago

    You repeat toooooo much