
POST UNLOCK: Using ADB to pull data from an Android device

Once the screen lock on your Android device has been bypassed, it is time to start extracting key artifacts for examination. We will use the Android Debug Bridge (ADB) to do this. If you have not set this program up previously, see the video below to get it up and running.


Pro Tip:
Seize any computer that was previously trusted, since the generated keys are stored as adbkey and adbkey.pub in the following locations:

Windows : %USERPROFILE%\.android or C:\Windows\System32\config\systemprofile\.android
Mac OS : /Users/<username>/.android


Using ADB is pretty easy, but understanding how a specific version of a phone will react is the real skill. If you want to practice on or pentest a specific phone version, Genymotion has a personal-use version that is wonderful for this. It is also great for practicing sideloading apps onto phones, or for testing digital forensic tools like AFLogical so you can rehearse the actions that follow the unlocking phase.

If you play around with Genymotion, you'll see Genymotion Shell. This is a great addition to the app, but it is not a shell like the cmd prompt for interacting with the file system; it's a shell for making phone calls and sending messages, basically interacting with the phone as if you were a user from the outside.

So, once you have Genymotion installed and the VM for your choice of phone operational:


  1. Download the official SDK tools with ADB.
  2. Navigate to the downloaded folder and execute commands from there.
  3. Run basic commands to extract artifacts.
    1. Pull artifacts as easily as if you were copying files on a PC.
    2. Push apps to assist in forensic investigations or bypass additional security controls.
    3. Find adb.exe in your <Android SDK>/platform-tools folder, or download the ADB kit (adb.exe, AdbWinApi.dll, AdbWinUsbApi.dll).
      Note: the Android SDK path is %LOCALAPPDATA%\Android\sdk => C:\Users\<user name>\AppData\Local\Android\sdk
      Open a command prompt (press Windows Key + R, type "cmd").
      cd <adb-path>
        e.g. cd c:\Users\Linda\AppData\Local\Android\sdk\platform-tools\
      adb devices
  4. Load into an investigative environment. Check out previous posts on how to set up a home lab!
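
The sketch below is an added example, not part of the original post: it parses `adb devices` output to find handsets that actually trust this host's adbkey, then pulls a path and records SHA-256 hashes for the evidence log. It assumes adb is on the PATH; the serials in SAMPLE are constructed, and /sdcard/DCIM and the evidence/ folder are illustrative names.

```python
import hashlib
import subprocess
from pathlib import Path, PurePosixPath

# Constructed sample of `adb devices` output (serials are made up).
SAMPLE = """List of devices attached
192.168.56.101:5555\tdevice
0a1b2c3d4e5f\tunauthorized
emulator-5554\toffline

"""

def parse_adb_devices(output):
    """Return {serial: state} from the text printed by `adb devices`."""
    devices = {}
    for line in output.splitlines():
        line = line.strip()
        # Skip the header, blank lines and "* daemon ..." start-up notices.
        if not line or line.startswith(("List of devices", "*")):
            continue
        parts = line.split()
        if len(parts) >= 2:
            devices[parts[0]] = parts[1]
    return devices

def ready_serials(devices):
    """Only state 'device' means the phone trusts this host's adbkey."""
    return [s for s, state in devices.items() if state == "device"]

def sha256_tree(root):
    """Hash root (a file) or every file beneath it, keyed by relative path."""
    root = Path(root)
    files = [root] if root.is_file() else sorted(p for p in root.rglob("*") if p.is_file())
    return {str(p.relative_to(root.parent)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in files}

def pull_and_hash(serial, remote, dest, adb="adb"):
    """Run `adb -s <serial> pull <remote> <dest>` and hash what arrived."""
    Path(dest).mkdir(parents=True, exist_ok=True)
    subprocess.run([adb, "-s", serial, "pull", remote, str(dest)], check=True)
    return sha256_tree(Path(dest) / PurePosixPath(remote).name)

if __name__ == "__main__":
    out = subprocess.run(["adb", "devices"], capture_output=True, text=True, check=True).stdout
    for serial in ready_serials(parse_adb_devices(out)):
        dest = Path("evidence") / serial.replace(":", "_")  # ':' is invalid on Windows
        for name, digest in pull_and_hash(serial, "/sdcard/DCIM", dest).items():
            print(digest, name)
```

A serial reported as unauthorized is the case the Pro Tip above addresses: the handset has not accepted the adbkey of the machine you are working from.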






