This chapter has covered many topics related to logical extractions of Android devices. As a recap, the various methods and their requirements are as follows:
| Method | Requirements |
|---|---|
| ADB pull | |
| ADB pull from Recovery Mode | |
| Fastboot to boot from custom recovery image | |
| ADB backup | |
| ADB Dumpsys | |
| SIM card extraction | |
Additionally, valuable user data can be recovered from the SD card, which will be covered in Chapter 5, Extracting Data Physically from Android Devices.
If a screen is locked, an examiner can remove the key files or remove some records from the locksettings.db database using the methods listed previously.
There is a lot of data in this chapter. To help simplify it somewhat, a suggested best practices flowchart is shown as follows: