This chapter has covered many topics related to logical extractions of Android devices. As a recap, the various methods and their requirements are as follows:
| Method | Requirements |
|---|---|
| ADB pull | |
| ADB pull from Recovery Mode | |
| Fastboot to boot from custom recovery image | |
| ADB backup | |
| ADB dumpsys | |
| SIM card extraction | |
Additionally, valuable user data can be recovered from the SD card, which will be covered in Chapter 5, Extracting Data Physically from Android Devices.
If a screen is locked, an examiner can pull the key files using the methods listed above and crack them in order to bypass it.
There is a lot of data in this chapter. To help simplify it somewhat, a suggested best practices flow chart is shown as follows:
[Figure: suggested best practices flow chart]