Android based phones

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
  

seany86
Newbie
 

Android based phones

Post Posted: Feb 19, 09 02:18

Hi,

Just out of my own personal study, I have been trying to image the internal memory of an Android-based phone (G1).

After reading up on Android and how the system works, I have come across a set of functions that developers are able to use in making apps.

As it's a Linux-based system, I was going to do the same as I have done with the iPhone, which was to dd the memory and send it over wireless to my system. But that required me to jailbreak the phone.

So anyway, I attempted to do this but it kept asking for root access (I thought all Androids had root). I found out that only the older models had full function of root. So this would again require me to "jailbreak" the phone.

I am looking for a way to image the memory that is still forensically sound. I have tried a number of tools: .XRY, which I have had trouble with in the past, Paraben Device Seizure and Oxygen. None were able to read the phone.

As I am a 3rd-year forensics student, I was unable to have a full run of all the tools that you members may have access to. Are there any tools that will allow me to do this?

Thank you

Sean  
 
  

trewmte
Senior Member
 

Re: Android based phones

Post Posted: Feb 19, 09 04:18

seany86, I don't want to disappoint you, but with mobile phones the terms "image" and "forensically sound" may not always go together. Android only came out last year (June 2008) and the device is constantly changing.

Have you been through to the developers' website?

I also have the android USB windows app and user guides if that would help you?
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

ahoog
Member
 

Re: Android based phones

Post Posted: Feb 19, 09 09:27

I think there are some possibilities to get a dd image from a phone running Android (although new phones have been announced, today it's only the G1/HTC Dream).

As Sean mentioned, Android is open source and based on Linux. The core OS actually has dd already compiled and installed, but not cp, so if you want to copy files to and from at a low level you use dd. It should be simple to compile netcat for that version of Linux. So, basically, install that package/binary, get root (not the same as jailbreaking) and then telnet/ssh. After that, with WiFi support built in, I think imaging the user partition should be straightforward.

I am actively researching this as we speak. I hope to have some answers in the near future and will post on my blog. If anyone has direct experience with this/Android, I'd like to chat with you about it more.
_________________
Andrew Hoog
viaForensics
viaforensics.com/ 
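
The receiving side of the dd-over-netcat transfer described in the post above, as an added example that is not part of the original thread or any poster's code: it hashes the stream as it is written, records an acquisition log and makes the image read-only. The port, file names and netcat listener flags in the comments are assumptions, and the partition path is a placeholder. The recorded hash shows the stored image has not changed since receipt; it says nothing about how the device was accessed.

```shell
#!/bin/sh
# Added example: examiner-side receive step for a dd-over-netcat acquisition.
# Assumed usage (port, file name and netcat listener flags are illustrative):
#   workstation:  nc -l -p 9999 | sh acquire.sh userdata.dd
#   device:       dd if=<partition> | nc <workstation-ip> 9999

# acquire_stream OUT: write stdin to OUT, hashing the same bytes in one pass.
# Leaves OUT, OUT.sha256 and OUT.log read-only and prints the SHA-256.
acquire_stream() {
    out=$1
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing image: $out" >&2
        return 1
    fi
    start=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    hash=$(tee "$out" | sha256sum | cut -d' ' -f1)
    end=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    if [ ! -s "$out" ]; then
        # An empty or missing file means the transfer never delivered data.
        echo "no data received, nothing acquired" >&2
        rm -f "$out"
        return 1
    fi
    size=$(wc -c < "$out" | tr -d ' ')
    printf '%s  %s\n' "$hash" "$(basename "$out")" > "$out.sha256"
    printf 'start=%s end=%s bytes=%s sha256=%s\n' \
        "$start" "$end" "$size" "$hash" > "$out.log"
    chmod a-w "$out" "$out.sha256" "$out.log"
    echo "$hash"
}

# verify_image OUT: re-hash OUT and compare with the hash recorded at receipt.
verify_image() {
    recorded=$(cut -d' ' -f1 "$1.sha256")
    current=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$recorded" = "$current" ]
}

# Run as a script: acquire from stdin into the file named on the command line.
if [ "$#" -ge 1 ]; then
    acquire_stream "$1"
fi
```
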
 
  

seany86
Newbie
 

Re: Android based phones

Post Posted: Feb 19, 09 15:04

In the later models root access is locked out. So, at the moment the only way to do so is to downgrade the firmware to one where root access is allowed.

I saw that Oxygen is supposed to support Android in a later version, have to wait and see.
 
  

trewmte
Senior Member
 

Re: Android based phones

Post Posted: Feb 19, 09 16:09

- seany86
"In the later models root access is locked out."


What do you base that statement on, seany86?

Do you have a statement from Android that says that or is that your own conclusion?
 
  

DFICSI
Senior Member
 

Re: Android based phones

Post Posted: Feb 19, 09 19:47

I have a G1 (and love it). Root access is not accessible on it without 'jailbreaking'. Older firmware versions allowed this access but no longer.

This is a bit of a pain as the G1 keeps all data on the internal memory of the phone and only uses the memory card for music, etc.

Jailbreaking/custom firmware is not that easy either, as most of the work on that has been done on the US phones; the firmware on UK phones is different and very few people have shared what information they have about jailbreaking the UK G1.

The other thing is that all apps on the G1 are run in a Java VM. So it's not a simple case of writing a program to give you full access to the phone.

If you're going to play with the G1 might I recommend downloading and configuring the Android SDK as that provides a virtual android platform with which to play, with no risk to the actual device.
_________________
The views expressed by me do not reflect on my employer or the quality of work I produce ;)
www.forensic4cast.com 
 
  

trewmte
Senior Member
 

Re: Android based phones

Post Posted: Feb 19, 09 20:21

This is not my find. Does this work, though? I appreciate this may not meet the OP's requirement of forensically sound. I don't have an Android so can't test this right now.

Apparently, there is a loophole in the G1 Android handsets using "PTerminal application".

"PTerminal is available for download from the Android Market and can apparently be used to start a telnet connection on your G1 which can then be accessed from your PC - giving you root access to the device."

- Turn on your phone's WiFi. This gives your phone an IP you can reach it at.

- Get to a command prompt on your device by using the PTerminal application from the Android Market. (adb shell does not seem to work with these instructions, telnetd does not start up)

- cd system

- cd bin

- telnetd

- netstat (get your phone's IP)

- telnet into your phone's IP from your PC

You now have root!
 
