Objective
Hands On
Tip: to activate USB debugging you must have Developer options enabled on your Android device.
Procedure
3. To activate the Developer options menu, go to Settings > About Phone. Tap Build number 7 times (on Xiaomi devices it may be another entry in the About phone menu; in my case it is Kernel Number).
Tip: It is always 7 taps, but different devices and different OS versions have different menus (procedures) to reach Developer Options.
4. You will now find Developer options in your Settings (under Additional Settings > Developer options on Xiaomi devices).
5. Ensure USB Debugging is activated: go to Settings > Developer Options > USB Debugging (for Xiaomi devices, ensure Install via USB is also activated).
Tip: Tsurugi Linux is a new DFIR open source project that is and will be totally free and independent, without involving any commercial brand. The main goal is to share knowledge and "give back to the community". Tsurugi is a heavily customized Linux distribution designed to support your DFIR investigations, malware analysis and open source intelligence activities.
The system is based on a 64-bit Ubuntu LTS (Long Term Support), and we preferred to use the 16.04 version to have a stable system with more supported tools, but an upgrade to the 18.04 LTS version is still planned in the roadmap, together with a dedicated repository.
Important: For this workshop the Tsurugi Linux distribution has been patched and some applications for mobile forensic investigation have been added.
Connecting The Device
Remember: USB debugging on your device must be activated and the VirtualBox extension pack must be installed.
Procedure
3. Ensure the Android device is connected by running the command
adb devices
Tip: Run the command in Terminator. Open Terminator by clicking the Terminator logo on the top bar (beside the Firefox logo).
Tip: We will install the AFLogical_OSE app (an Android app) through the adb command, without touching the device.
Procedure
Tip: On your Android screen you will see that AFLogical is installed. AFLogical_OSE will extract the following information: Contacts, Call Logs, SMS, MMS, MMS Parts, Device info.
3. Now we will extract information using AFLogical_OSE by launching the app and performing the data extraction.
4. Open your Terminator and ensure your Android device is still detected by adb (run the adb devices command). Run the following command to launch AFLogical_OSE and perform the extraction.
sudo adb shell am start -n com.viaforensics.android.aflogical_ose/com.viaforensics.android.ForensicsActivity
5. The second command creates a forensics directory on your sdcard. Under the forensics directory AFLogical_OSE will create a result directory named “date.time”.
Tip: The extraction result is in .csv format; you can open the result using a spreadsheet application.
$ adb shell
ls /sdcard/
6. Create a directory under your Documents directory with the name “Extract Result”.
8. Copy the extraction result from the Android device to your Extract Result directory using the following command
sudo adb pull /sdcard/forensics/ ~/Documents/ExtractResult
9. If you want to remove your AFLogical_OSE installation from your Android device, use the following command (the package name is the one used to launch the app in step 4)
sudo adb uninstall com.viaforensics.android.aflogical_ose
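The whole procedure above (check the device with adb devices, launch AFLogical_OSE, pull /sdcard/forensics, then record SHA-256 hashes of the pulled CSV files so the result can be verified later) as one script. This is an added example, not part of the workshop handout; it assumes adb is on the PATH (prefix with sudo if your adb server needs it, as in the handout), AFLogical_OSE is already installed, and the result directory is ~/Documents/ExtractResult as in step 8.

```shell
#!/bin/sh
# Added example, not from the workshop handout: wraps the adb steps above
# (check device, launch AFLogical_OSE, pull /sdcard/forensics, hash the CSVs).
# Assumptions: adb is on PATH and AFLogical_OSE is already installed on the phone.
RESULT_DIR="${RESULT_DIR:-$HOME/Documents/ExtractResult}"   # directory from step 6/8
AFL_ACTIVITY=com.viaforensics.android.aflogical_ose/com.viaforensics.android.ForensicsActivity

# Read `adb devices` output on stdin and print the serial of the one device in
# "device" state. "unauthorized" means the USB debugging prompt on the phone was
# not accepted; "offline" usually means a cable or driver problem. Fails unless
# exactly one device is ready, so we never extract from the wrong handset.
ready_serial() {
    awk 'NR > 1 && NF == 2 && $2 == "device" { n++; s = $1 }
         END { if (n == 1) print s; else exit 1 }'
}

# Write a SHA-256 manifest of every .csv under the given directory so the
# extraction result can be verified later (sha256sum -c SHA256SUMS).
hash_results() {
    find "$1" -type f -name '*.csv' -exec sha256sum {} + | sort -k2
}

main() {
    serial=$(adb devices | ready_serial) || {
        echo "need exactly one device in 'device' state (check 'adb devices')" >&2
        return 1
    }
    echo "using device $serial"
    adb -s "$serial" shell am start -n "$AFL_ACTIVITY"
    printf 'Run the capture in AFLogical_OSE on the phone, then press Enter: '
    read -r _
    mkdir -p "$RESULT_DIR"
    adb -s "$serial" pull /sdcard/forensics/ "$RESULT_DIR"
    hash_results "$RESULT_DIR" > "$RESULT_DIR/SHA256SUMS"
    echo "manifest written to $RESULT_DIR/SHA256SUMS"
}

# Only run the extraction when invoked with "run"; sourcing the file just
# defines the helpers so they can be reused or tested on their own.
if [ "${1:-}" = "run" ]; then
    main
fi
```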