Android Forensic

This Python script dumps all necessary SQLite Databases from a connected automaton smartphone to the native disk and analyzes these files in an exceedingly forensically correct progress. If no smartphone is connected you'll be able to specify an area directory that contains the databases you wish to researchsubsequently this script creates a clearly structured XML report. 

If you connect a smartphone you would like a frozen and insecure kernel or a custom recovery put inon the smartphone. 

Forensic principles: ADEL is meant to treat knowledge in an exceedingly forensically correctmethod. This goal is reached by the very fact that activities aren't conducted directly on the phonehowever on a duplicate of the databases. This procedure assures that knowledge doesn't becomemodified, neither by the users of ADEL nor by Associate in Nursing uncompromised software systemso as to proof the rhetorical correctness of ADEL, hash values area unit calculatedprevious and when every analysis, to ensure that drop knowledge didn't become modifiedthroughout analysis. 

Extendibility: ADEL has been modularly designed and contains 2 separate modules: the analysis and also the report module. Predefined interfaces exist between these modules and each of them may besimply amended by further functions. The standard structure permits for merchandising and analyzing additional databases of smartphones while not nice effort and facilitates updates of the system within the future. 

Usability: the utilization of ADEL is meant to be as easy as doable to permit its use by eachqualified persons and non-experts. At best, the Associate in Nursingalysis of the movable is conducted in an autonomous method so the user doesn't receive any notice of internal processes. Moreover, the report module creates a close report in an exceedingly clear kindtogether with all of the decoded knowledgethroughout the execution, ADEL optionally writes an in depth log filewherever all of the necessary steps that were dead area unit derived.

ADEL wants a predefined configuration for every device to figure correct. This configuration shouldbe another within the following file: 


As Associate in Nursing example we tend to another the configuration for the Samsung Galaxy S2 running automaton a pair of.3.3, a lot of phone configurations can follow. 
Example for the utilization of ADEL with a connected smartphone: -d device -l four 

Example for the utilization of ADEL with info backups: -d /home/user/backup -l four 

In the current development state, the subsequent databases area unit forensically treated and parsed:

phonephone and SIM-card data (e. g. IMSI and serial number) 
phonebook and decision lists, 
calendar entries, 
SMS messages, 
GPS locations from totally different sources on the smartphone. 

ADEL currently makes use of a custom recovery image supported the Clockworkmod-Recovery. as a result of this alteration you are doing not ought to modify the kernel or the adb daemon any longermoreover, on some newer smartphones you'll be able to load the changed recovery to RAM via fastboot, thus you do not ought to do any persistent changes to the smartphone.

Post a Comment