How to Create a Forensic Image of Android Phone using Magnet Acquire

Magnet ACQUIRETM is designed to quickly and easily acquire an image of any iOS or Android device. Examiners are given the option of two extraction methods: Quick and Full.

First Download Magnet Acquire from here and Install in your Computer. Now connect your Android phone with Computer using Data Cable. You will get a pop up on your computer screen which says choose your device. Select the device and click Next.

Quick Extraction:

The Quick Extraction method will work on any IOS device, version 5 or newer. Magnet ACQUIRE will combine an iTunes backup, with some additional acquisition techniques, to obtain both native and third-party data.

Full Extraction:

Magnet ACQUIRE can also help you obtain a full, physical image of many Android devices by using either the built-in privilege escalation exploits or by imaging a device that has already been rooted.

Now select your desired option and click next.

Now you will get a pop up first choose the folder destination and put Examiner name and other details and click ACQUIRE.

On your Android Phone you will get a screen says Full Back up, at the bottom right of your phone screen you will see back up my data click on that.

Process will start as shown below.

Process complete as shown in below Image. Click On Exit.

Magnet Acquire has created a raw image of Android phone in the folder your selected.

AuthorMukul Mohan is a Microsoft Certified System Engineer in Security and Messaging with high level of expertise in handling server side operations based on windows platform. An experienced IT Corporate Trainer and Computer Forensics Expert with over 20 years’ Experience.

You can contact him at [email protected]

Forensics Investigation of Android Phone using Andriller

Andriller – is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has other features, such as powerful Lockscreen cracking for Pattern, PIN code, or Password; custom decoders for Apps data from Android (and some Apple iOS) databases for decoding communications. Extraction and decoders produce reports in HTML and Excel (.xlsx) formats.

Features

  • Automated data extraction and decoding
  • Data extraction of non-rooted without devices by Android Backup (Android versions 4.x)
  • Data extraction with root permissions: root ADB daemon, CWM recovery mode, or SU binary (Superuser/SuperSU)
  • Data parsing and decoding for Folder structure, Tarball files (from nanddroid backups), and Android Backup (‘backup.ab’ files)
  • Selection of individual database decoders for Android and Apple
  • Decryption of encrypted WhatsApp archived databases (msgstore.db.crypt, msgstore.db.crypt5, msgstore.db.crypt7, msgstore.db.crypt8)
  • Lockscreen cracking for Pattern, PIN, Password
  • Unpacking the Android backup files

First Download Andriller from here : and install in your Computer.

Now open the Andriller and select output folder. You will get a pop up and select your desired folder.

Now connect your Android phone with computer using Data cable. IN Andriller software click on Check option, if your Android phone is successfully connected with Andriller it will give a Serial ID.

Once you get Serial ID then select the check box which says Open Report & Use AB method and click on GO.

Your will get a Pop up click ok.

On your Android Phone you will get a screen says Full Back up , at the bottom right of your phone screen you will see Back up my data click on that.

Now Andriller will start taking the Back up of your phone and you can see the logs on Andriller as well.

Once the Backup is complete, you can see the complete data in the folder your selected.

You will see a pop up on your browser which will show you the complete phone report.

You can select any of the option to see the details as shown in the below image. Example select WiFi password, you will get all the details which is saved under this folder.

Same way select another option says Android Download history in this you will see all downloads.

Same way select another option says Android Call logs in this you will see all Call details.

Same way select another option says SMS Snippets in this you will see all Overview.

AuthorMukul Mohan is a Microsoft Certified System Engineer in Security and Messaging with high level of expertise in handling server side operations based on windows platform. An experienced IT Corporate Trainer and Computer Forensics Expert with over 20 years’ Experience.

You can contact him at [email protected]

Logical Forensics of an Android Device using AFLogical

First need to install SANTOKU tool kit. How to install it read this article given below

http://www.hackingarticles.in/santoku-linux-overview-of-mobile-forensics-operating-system/

Note : You need an Android mobile device with USB debugging on

Now, click bottom left of your conputer screeen select SANTOKU then Device Forensics and click on AF Logical OSE.

Note : make sure your android device is connected to computer via USB.

 Enable USB debugging on your device. For Android 3.x and below, go to Settings –> Applications –> Development, then check ‘USB debugging’.

Now you will get a Terminal, In terminal type : aflogical-ose  It will show you the success message on the terminal.

ON your mobile screen you will see couple of options like Call log, MMS etc, select the option which you want to extract and then click on Capture. (I have selected all the options as you can see below ).

Now on your mobile screen you will see the Extracting Data as shown in Image.

In terminal press Enter and now it will save the data and make a new folder in SD card by the name of Forensics .

Here is it will look like(I have selected the forensics folder see below)

Click on Forensics folder here you will see the data you have selected.

AuthorMukul Mohan is a Microsoft Certified System Engineer in Security and Messaging with high level of expertise in handling server side operations based on windows platform. An experienced IT Corporate Trainer and Computer Forensics Expert with over 20 years’ Experience.

You can contact him at [email protected]

SANTOKU Linux- Overview of Mobile Forensics Operating System

Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform.

First Download Santoku ISO image from here

After having started the Santoku boot loader, you will see a screen with several boot options. Now click on Install – start the installer directly then press Enter.

You will see this screen, then click on Continue

Click Continue here as well

Select first option – Erase disk and install Santoku, then click on Install Now

Now you will see a Map which shows your location, and then click on Continue

You will see the form, please fill all the fields like Name, Password etc and then click Continue

You will get a Pop up on your computer screen says Installation Complete, please restart your Computer. Click on Restart Now

Once the computer is ready to use it will ask you for the login details. Please enter your password to login.

Now you are on the Home screen of SANTOKU, click on bottom left of your computer screen. You will get couple of options, please select SANTOKU and click on Development Tools; here you can find all available development tools in SANTOKU.

Click on Device Forensics, here you can find all available Device Forensics tools in SANTOKU.

Click on Penetration Testing, here you can find all available Penetration Testing tools in SANTOKU.

Click on Reverse Engineering, here you can find all available Reverse Engineering tools in SANTOKU.

Click on Wireless Analyzers, here you can find all available Wireless Analyzers tools in SANTOKU.

AuthorMukul Mohan is a Microsoft Certified System Engineer in Security and Messaging with high level of expertise in handling server side operations based on windows platform. An experienced IT Corporate Trainer and Computer Forensics Expert with over 20 years’ Experience.

You can contact him at [email protected]

Related Posts Plugin for WordPress, Blogger...