tag:blogger.com,1999:blog-6748555274835706450.post8605000394648901603..comments2024-03-27T01:42:58.621-07:00Comments on Free Android Forensics: Live imaging an Android deviceMark Lohrumhttp://www.blogger.com/profile/07077867576734525405noreply@blogger.comBlogger99125tag:blogger.com,1999:blog-6748555274835706450.post-91116550081840670622024-01-19T08:28:14.863-08:002024-01-19T08:28:14.863-08:00
The blog on live imaging an Android device is a p...<br />The blog on live imaging an Android device is a pivotal guide for digital forensics professionals and enthusiasts. It skillfully navigates through the intricacies of capturing real-time images of Android devices, shedding light on crucial methods and tools. https://www.mobilezmarket.com/mobilezmarkethttps://www.blogger.com/profile/10371813941037503008noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-51940109986531535782022-04-18T21:14:31.274-07:002022-04-18T21:14:31.274-07:00Live Imaging An Android Device >>>>&g...Live Imaging An Android Device >>>>> <b><a href="http://8on8.top/T5i10?64" rel="nofollow">Download Now</a></b><br><br>>>>>> <b><a href="http://8on8.top/T5i10?38" rel="nofollow">Download Full</a></b><br><br>Live Imaging An Android Device >>>>> <b><a href="http://8on8.top/T5i10?15" rel="nofollow">Download LINK</a></b><br><br>>>>>> <b><a href="http://8on8.top/T5i10?57" rel="nofollow">Download Now</a></b><br><br>Live Imaging An Android Device >>>>> <b><a href="http://8on8.top/T5i10?45" rel="nofollow">Download Full</a></b><br><br>>>>>> <b><a href="http://8on8.top/T5i10?97" rel="nofollow">Download LINK</a></b> Zj Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-67707251864848589002022-04-18T21:14:09.857-07:002022-04-18T21:14:09.857-07:00Live Imaging An Android Device >>>>&g...Live Imaging An Android Device >>>>> <b><a href="http://8on8.top/T5i10?64" rel="nofollow">Download Now</a></b><br><br>>>>>> <b><a href="http://8on8.top/T5i10?38" rel="nofollow">Download Full</a></b><br><br>Live Imaging An Android Device >>>>> <b><a href="http://8on8.top/T5i10?15" rel="nofollow">Download LINK</a></b><br><br>>>>>> <b><a href="http://8on8.top/T5i10?57" rel="nofollow">Download Now</a></b><br><br>Live Imaging An Android Device >>>>> <b><a href="http://8on8.top/T5i10?45" rel="nofollow">Download Full</a></b><br><br>>>>>> <b><a href="http://8on8.top/T5i10?97" rel="nofollow">Download LINK</a></b> zB Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-74810048051624081162021-10-01T05:48:17.522-07:002021-10-01T05:48:17.522-07:00Spy Camera India - Offering smart sourcing tools f...<br />Spy Camera India - Offering smart sourcing tools for buyers to find China Products, Manufacturers & Suppliers. <a href="https://spycameraindia.com/product/mobile-network-blocker-gsm-cdma-3g-4g-gpsvhfuhf-wifi-signals-jammer-30m" rel="nofollow">Mobile Network Blocker</a> - Find Quality Manufacturers, Products & Suppliers.<br />Spy Camera Indiahttps://www.blogger.com/profile/06582196867661789755noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-42030749909259605392021-09-07T04:15:28.472-07:002021-09-07T04:15:28.472-07:00This post is so helfull and inforamtive .keep upda...This post is so helfull and inforamtive .keep updating more information...<br /><a href="http://www.salesforcecloudtraining.in/how-to-become-a-successful-android-app-developer/" rel="nofollow">Android Training Course</a><br /><a href="http://www.salesforcecloudtraining.in/how-to-become-a-successful-android-app-developer/" rel="nofollow">Scope Of Android</a><br />karthickhttps://www.blogger.com/profile/02930521516581023863noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-75605960036205201042021-02-16T20:24:03.375-08:002021-02-16T20:24:03.375-08:00Truly a great post. Thanks for such a great inform...Truly a great post. Thanks for such a great information.<br /><a href="https://www.1800autopsy.com/" rel="nofollow">Autopsy</a><br /><a href="https://www.1800autopsy.com/services/" rel="nofollow">Postmortem Mesothelioma Diagnosis</a>Autopsy Post Services, Inc.https://www.blogger.com/profile/09926431239502448336noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-4477385834356241792020-11-18T16:02:47.635-08:002020-11-18T16:02:47.635-08:00First thing, Thank you for all the great informati...First thing, Thank you for all the great information Mark,<br />I hope you still check these comments lol.<br />I am in the middle of trying to create an image of a samsung s6 edge that has a password enabled on it and does not currently have developer mode enabled. So i am stuck on being able to use adp on the device. Any advice on what i could do?Evonikhttps://www.blogger.com/profile/04378259239291448955noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-45011854644684966002020-02-04T10:53:31.171-08:002020-02-04T10:53:31.171-08:00Recovering deleted files takes a physical image. B...Recovering deleted files takes a physical image. But you should probably first read over this one: http://freeandroidforensics.blogspot.com/2017/05/a-quick-note-on-imaging-newer-android.html<br /><br />Also in the years since I wrote this post, recovering deleted files has become much harder between encryption and some devices handling deletion better.Mark Lohrumhttps://www.blogger.com/profile/07077867576734525405noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-80356633686950760252020-01-28T05:13:26.847-08:002020-01-28T05:13:26.847-08:00Hi Mark Lohrum,
I have to recover some deleted fil...Hi Mark Lohrum,<br />I have to recover some deleted files of an app from Samsung tablet.<br />I want to know if I have to image the whole tablet for that.<br /><br />Thanks in advance.Unknownhttps://www.blogger.com/profile/08743873009328899121noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-4932986082551923742019-01-12T06:56:05.445-08:002019-01-12T06:56:05.445-08:00Not really unless you just want a file system pull...Not really unless you just want a file system pull ... http://freeandroidforensics.blogspot.com/2018/04/obtaining-all-files-in-data-partition.htmlMark Lohrumhttps://www.blogger.com/profile/07077867576734525405noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-46968605385618093832019-01-12T06:55:11.750-08:002019-01-12T06:55:11.750-08:00You might need to image your userdata separately. ...You might need to image your userdata separately. Check out this post... http://freeandroidforensics.blogspot.com/2017/05/a-quick-note-on-imaging-newer-android.htmlMark Lohrumhttps://www.blogger.com/profile/07077867576734525405noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-51048373135996076752019-01-07T21:32:58.373-08:002019-01-07T21:32:58.373-08:00hi mark lohrum
I want to ask, why when I do live ...hi mark lohrum<br /><br />I want to ask, why when I do live imaging on my mobile get a data transfer speed of 2.7MB / s?<br /><br />is there a way to increase the speed of data transfer during the imaging process?<br /><br />I want to know what can affect the speed of data transfer during the imaging process?Waldyhttps://www.blogger.com/profile/13425355102046195424noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-10107624792426973132018-12-29T01:19:23.320-08:002018-12-29T01:19:23.320-08:00Hello,
I have a rooted HTC 10 running Android 7....Hello, <br /><br />I have a rooted HTC 10 running Android 7.0 with busybox and supersu and I imaged my device in a couple of ways (one being the excellent tutorial "Using Windows to Live Image an Android device") but when ran through Autopsy, FTK Imager, Scalpel, or TestDisk it yields zero results.<br /><br />I have imaged the entire device with mmcblk0 as a DD file, as well as what I assume is the userdata partition(?) dm-0 as a DD file. The internal memory is 23.7 GB with 10.9 GB currently being used, however the entire device image I get from it is consistently 58.7 GB, and the dm-0 was something like 40+ GB (maybe almost 50 GB? I have limited hard drive space to work with so I have already deleted it, apologize).<br /><br />Autopsy gives me the error "Errors occurred while ingesting image 1. Cannot determine file system type (Sector offset: 0)", FTK Imager tells me the dd file is not valid evidence and it could not find a valid image, Scalpel doesn't find any of the file types I'm looking for, and testdisk doesn't find any partitions. <br /><br />Autopsy CAN, however, open the mmcblk0 DD file as a logical file or unallocated space image file, where it has 3851538 pages I can view in hex or strings. <br /><br />...So for some reason unbeknownst to me, my image files cannot be detected as such. The DD files seem to have been created correctly, is it a device system compatibility thing? Something with it being Android 7.0? I just don't get it. My endgame with this project is to see if videos, images, and text messages deleted off of my phone are retrievable BTW. The most important are the text messages (text message rough drafts to be specific, I'm not sure where those are allocated to in the memory but I will cross that bridge when I come to it), then the videos, and the least important would be the images/photos.The Wordsmithhttps://www.blogger.com/profile/13765100731286366137noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-17646233948474864262018-02-07T15:04:32.703-08:002018-02-07T15:04:32.703-08:00I wrote an entire post about it. http://freeandroi...I wrote an entire post about it. http://freeandroidforensics.blogspot.com/2015/01/viewing-sqlite-databases.htmlMark Lohrumhttps://www.blogger.com/profile/07077867576734525405noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-48183736613417635732018-02-06T03:28:33.479-08:002018-02-06T03:28:33.479-08:00Is there any way to extract database file(.db) fro...Is there any way to extract database file(.db) from dd imageShttps://www.blogger.com/profile/09620934728923126702noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-64481368321466721932018-02-05T23:15:39.485-08:002018-02-05T23:15:39.485-08:00Autopsy tool has recovered my multimedia & off...Autopsy tool has recovered my multimedia & office files successfully but I am not able to search com.android.providers.telephony file where can I search for that in autopsyShttps://www.blogger.com/profile/09620934728923126702noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-78967052085743224382018-02-05T15:57:33.086-08:002018-02-05T15:57:33.086-08:00Run the mount command and email me the resultsRun the mount command and email me the resultsMark Lohrumhttps://www.blogger.com/profile/07077867576734525405noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-53656450455959027902018-02-05T10:49:39.385-08:002018-02-05T10:49:39.385-08:00I have made entire image of my mobile in autopsy t...I have made entire image of my mobile in autopsy the dd file is scanned bt in image log it is showing"errors occurred while ingesting image<br />1.Cannot determine filesystem type(Sector:81920, Partiton type:sbl1) 2.Cannot determine filesystem type(Sector:8320, Partiton type:DDR)"Shttps://www.blogger.com/profile/09620934728923126702noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-30562724344795569912018-02-05T10:37:08.667-08:002018-02-05T10:37:08.667-08:00This comment has been removed by the author.Shttps://www.blogger.com/profile/09620934728923126702noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-41818470267635096202018-02-04T08:58:43.357-08:002018-02-04T08:58:43.357-08:00This comment has been removed by the author.Shttps://www.blogger.com/profile/09620934728923126702noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-18057062138932566202018-02-03T08:40:09.624-08:002018-02-03T08:40:09.624-08:00You might need to image userdata separately. http:...You might need to image userdata separately. http://freeandroidforensics.blogspot.com/2017/05/a-quick-note-on-imaging-newer-android.htmlMark Lohrumhttps://www.blogger.com/profile/07077867576734525405noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-15574393919723160842018-02-02T07:01:30.521-08:002018-02-02T07:01:30.521-08:00Ohk got it thanks for the help. I have created ima...Ohk got it thanks for the help. I have created image but not entire image of motoG3 device the data in it I could recover with foremost but autopsy tool is not displaying any data Shttps://www.blogger.com/profile/09620934728923126702noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-19974053577292968412018-02-01T17:54:10.121-08:002018-02-01T17:54:10.121-08:00There's no write blocking. If you hook the pho...There's no write blocking. If you hook the phone up to a write blocker, adb commands won't work. Live imaging is inherently different from dead imaging like a hard drive hooked up to a write blocker.<br />My first real lab in my first digital forensics class was imaging a hard drive. Write blocker, md5 hashes, all that fun stuff. So it was quite a leap to live image a phone instead.<br />The best equivalent to the hard drive imaging is to perform a chipoff and read the chip like a drive via a reader. And that all requires a lot of experience, expensive equipment, and if it doesn't work you've got no turning back.<br />I hope that all makes sense!Mark Lohrumhttps://www.blogger.com/profile/07077867576734525405noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-17864828913106438572018-02-01T05:01:50.412-08:002018-02-01T05:01:50.412-08:00Thanks it worked... I also wanted to know whether ...Thanks it worked... I also wanted to know whether we can use write blocker while creating image so as to block write access. If so what would be command for thatShttps://www.blogger.com/profile/09620934728923126702noreply@blogger.comtag:blogger.com,1999:blog-6748555274835706450.post-34522213513292687262018-01-28T13:12:11.828-08:002018-01-28T13:12:11.828-08:00busybox md5sum /dev/block/whatever_you_are_hashing...busybox md5sum /dev/block/whatever_you_are_hashing<br />Note, it appears not all versions of busybox have md5sum. I have it on two different devices - one has it, the other doesn't. Need to be root to get the hash of a /dev/blockMark Lohrumhttps://www.blogger.com/profile/07077867576734525405noreply@blogger.com