Android Forensic
Digital Image Recovery
                         by Group 15
Highlight

•   Step 1: Identification
•   Step 2: Data Preservation
•   Step 3: Analysis
•   Presentation
Scenario

1.   Format the SD card for testing (full format / fill zero)
2.   Copy the evidence file(s) to the external & internal memory card
3.   Get images from external & internal memory with USB Image Tool & the dd command
4.   Delete the evidence file(s) (in this case a .JPEG image) with a local application (ES Explorer)
5.   Get images (again) from external & internal memory with USB Image Tool & the dd command
6.   Extract all kinds of files from both images with File Scavenger
7.   Compare the extracted (found) evidence with the real file(s) using JPEGsnoop
8.   If they are the same, the recovery process is successful
Phone Identification
     Android System Info
Data Preservation
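Creating Internal Memory’s Image Files:

dd command : dd if=/dev/mtd/mtdx of=/mnt/sdcard/mtdx.img bs=4096

(x is the number of the MTD partition to image; of= must name a file on the SD card rather than the mount point itself, and mtdx.img is only an example name.)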
Data Preservation
Creating External Memory’s Image Files:

1.   Enable USB Mode

2.   Create Images with USB Image Tool

3.   [Optional] Verify the image with an MD5 check
Analysis
•   Use File Scavenger to acquire all
    (deleted + hidden) data
•   Find the ‘likely’ successfully recovered
    digital picture (because sometimes
    the recovered image/picture has
    a different name).
•   Compare the real image and the
    recovered image with
    JPEGsnoop (for JPEG)
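
The recover-and-compare steps above, as an added Python example (not from the original slides): a simplified JPEG signature search stands in for File Scavenger, and an MD5 comparison against the original file stands in for the JPEGsnoop check. The FAT-style directory entry, the marker-only sample JPEG and all function names are assumptions constructed for illustration.

```python
import hashlib

SOI = b"\xff\xd8\xff"  # JPEG start-of-image, plus first byte of the next marker
EOI = b"\xff\xd9"      # JPEG end-of-image

# Constructed sample: marker-only stand-in for the evidence JPEG (not decodable).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(range(1, 200)) + EOI


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_sample_image(evidence: bytes, deleted: bool) -> bytes:
    """Constructed zero-filled 'card' (assumed FAT): one 32-byte directory
    entry, then the file data starting at offset 4096."""
    entry = bytearray(b"EVIDENCEJPG" + bytes(21))
    if deleted:
        entry[0] = 0xE5  # FAT flags the entry as deleted; data is left in place
    img = bytearray(16 * 4096)
    img[0:32] = entry
    img[4096:4096 + len(evidence)] = evidence
    return bytes(img)


def carve_jpegs(image: bytes, max_size: int = 20 * 1024 * 1024):
    """Return (offset, data) for each SOI..EOI run. Simplified: stops at the
    first EOI, so fragmented files or embedded thumbnails need a real carver."""
    found, pos = [], 0
    while (start := image.find(SOI, pos)) != -1:
        end = image.find(EOI, start + len(SOI))
        if end == -1 or end + len(EOI) - start > max_size:
            pos = start + 1
            continue
        found.append((start, image[start:end + len(EOI)]))
        pos = end + len(EOI)
    return found


def recovered_matches(image: bytes, original: bytes):
    """Offsets of carved files whose MD5 equals the original evidence file."""
    want = md5_hex(original)
    return [off for off, blob in carve_jpegs(image) if md5_hex(blob) == want]


if __name__ == "__main__":
    before = build_sample_image(SAMPLE_JPEG, deleted=False)
    after = build_sample_image(SAMPLE_JPEG, deleted=True)
    print("image MD5 before delete:", md5_hex(before))
    print("image MD5 after delete: ", md5_hex(after))
    print("original found at offsets:", recovered_matches(after, SAMPLE_JPEG))
```

The two image hashes differ because the directory entry changed, yet the carved file still matches the original byte for byte.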
Before and After Formatting with Android
Format Utility
Comparison
Conclusion
•   Recovering data from the internal memory card was very hard to do,
    especially if the memory size is small, because deleted data is
    usually ‘fully deleted’ automatically.
•   In external memory, deleting files doesn’t delete the real files.
    The deleted files still reside in the memory, often in the
    same path.
That’s from us
