SlideShare a Scribd company logo

Android forensik 4

Download as PPTX, PDF
Caisar Oentoro
Caisar Oentoro
Technology
1 of 11
Android Forensic Digital Image Recovery by Group 15
Highlight Step 1 Step 2 Data Step 3 Presentation Identification Preservation Analysis
Sceneario • Format SDCard for testing (full format / fill zero) 1 • Copy evidence file(s) to external & internal memory card 2 • Get images from external & internal memory with USB Image Tools & dd command 2 • Delete the evidence file(s) (in this case as .JPEG image) with local application (ES Explorer) 3 • Get images (again) from external & internal memory with USB Image Tools & dd command 4 • Extract all kind of files from both images with Files Scavenger. 5 • Compares extracted and founded evidences with real file(s) with JPEGNoob 6 • If the same, then recovery process is successfull 7
Phone Identification Android System Info
Data Preservation Creating Internal Memory’s Image Files: dd command : dd if=/dev/mtd/mtdx of=/mnt/sdcard bs=4096
Data Preservation Creating External Memory’s Image Files: 1. Enable USB Mode 2. Create Images with USB Image Tool 3. [Optional] Can use md5 checking
Analysis • Use File Scavenger to acquire all (deleted + hidden) data • Find ‘likely’ successfull recovered digital picture (cause sometimes the recovered image/picture has different name). • Compare real image and recovered image with JPEGSnoop (For JPEG)
Before and After Formatting with Android Format Utility
Comparasion
Conclusion • Recovering data in internal memory card was very hard to do especially if the memory size is small, because usually it will automatically ‘fully deleted’ • In External Memory, deleting files doesn’t delete the real files. The deleted files still resident the memory in, often in the same path.
That’s from us

Recommended

How to Recover Deleted Files for Free with Recuva
How to Recover Deleted Files for Free with RecuvaHow to Recover Deleted Files for Free with Recuva
How to Recover Deleted Files for Free with Recuva
maggiemiao
 
Android forensik 1
Android forensik 1Android forensik 1
Android forensik 1
Caisar Oentoro
 
Android forensik 2
Android forensik 2Android forensik 2
Android forensik 2
Caisar Oentoro
 
Smartphone forensic
Smartphone forensicSmartphone forensic
Smartphone forensic
00heights
 
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Friedger Müffke
 
Sekilas tentang digital forensik
Sekilas tentang digital forensikSekilas tentang digital forensik
Sekilas tentang digital forensik
Agung Subroto
 
Bioteknologi di bidang forensik
Bioteknologi di bidang forensikBioteknologi di bidang forensik
Bioteknologi di bidang forensik
Jessy Damayanti
 
Digital forensic upload
Digital forensic uploadDigital forensic upload
Digital forensic upload
Setia Juli Irzal Ismail
 

Recommended

How to Recover Deleted Files for Free with Recuva
How to Recover Deleted Files for Free with RecuvaHow to Recover Deleted Files for Free with Recuva
How to Recover Deleted Files for Free with Recuva
maggiemiao
 
Android forensik 1
Android forensik 1Android forensik 1
Android forensik 1
Caisar Oentoro
 
Android forensik 2
Android forensik 2Android forensik 2
Android forensik 2
Caisar Oentoro
 
Smartphone forensic
Smartphone forensicSmartphone forensic
Smartphone forensic
00heights
 
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Friedger Müffke
 
Sekilas tentang digital forensik
Sekilas tentang digital forensikSekilas tentang digital forensik
Sekilas tentang digital forensik
Agung Subroto
 
Bioteknologi di bidang forensik
Bioteknologi di bidang forensikBioteknologi di bidang forensik
Bioteknologi di bidang forensik
Jessy Damayanti
 
Digital forensic upload
Digital forensic uploadDigital forensic upload
Digital forensic upload
Setia Juli Irzal Ismail
 
Android forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageAndroid forensics an Custom Recovery Image
Android forensics an Custom Recovery Image
Mohamed Khaled
 
Top 10 free sd card recovery software in 2020
Top 10 free sd card recovery software in 2020Top 10 free sd card recovery software in 2020
Top 10 free sd card recovery software in 2020
Well Wowtail
 
Having Bad Sectors on Hard drive?
Having Bad Sectors on Hard drive?Having Bad Sectors on Hard drive?
Having Bad Sectors on Hard drive?
sangysimmons
 
Hard drive data recovery
Hard drive data recoveryHard drive data recovery
Hard drive data recovery
Yodot
 
Recover Deleted Files from Hard Drive
Recover Deleted Files from Hard DriveRecover Deleted Files from Hard Drive
Recover Deleted Files from Hard Drive
Yodot
 
CNIT 152 8. Forensic Duplication
CNIT 152 8. Forensic DuplicationCNIT 152 8. Forensic Duplication
CNIT 152 8. Forensic Duplication
Sam Bowne
 
Recover Data from Memory Card
Recover Data from Memory CardRecover Data from Memory Card
Recover Data from Memory Card
Yodot
 
Sandisk card recovery guide
Sandisk card recovery guideSandisk card recovery guide
Sandisk card recovery guide
bob simpson
 
Backing up your computer
Backing up your computerBacking up your computer
Backing up your computer
clcewing
 
Stellar phoenix dvd data recovery
Stellar phoenix dvd data recoveryStellar phoenix dvd data recovery
Stellar phoenix dvd data recovery
smith bush
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
ParminderKaurBScHons
 
How to Recover Lost Files
How to Recover Lost FilesHow to Recover Lost Files
How to Recover Lost Files
Yodot
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
Sam Bowne
 
Workshop 2 revised
Workshop 2 revisedWorkshop 2 revised
Workshop 2 revised
peterchanws
 
Memory card recovery software
Memory card recovery softwareMemory card recovery software
Memory card recovery software
memory card recovery
 
Memory stick recovery
Memory stick recoveryMemory stick recovery
Memory stick recovery
Memory Stick Recovery
 
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
christinemaritza
 
One-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisOne-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic Analysis
Takahiro Haruyama
 
Recover Data from Memory Stick
Recover Data from Memory StickRecover Data from Memory Stick
Recover Data from Memory Stick
Yodot
 
Photos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" errorPhotos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" error
Macbook PhotoRecovery
 
D3.JS Data-Driven Documents
D3.JS Data-Driven DocumentsD3.JS Data-Driven Documents
D3.JS Data-Driven Documents
Caisar Oentoro
 
Android forensik
Android forensikAndroid forensik
Android forensik
Caisar Oentoro
 

More Related Content

Similar to Android forensik 4

Backing up your computer
Backing up your computerBacking up your computer
Backing up your computer
clcewing
 
Workshop 2 revised
Workshop 2 revisedWorkshop 2 revised
Workshop 2 revised
peterchanws
 
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
christinemaritza
 
One-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisOne-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic Analysis
Takahiro Haruyama
 
Photos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" errorPhotos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" error
Macbook PhotoRecovery
 

Similar to Android forensik 4 (20)

Android forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageAndroid forensics an Custom Recovery Image
Android forensics an Custom Recovery Image
 
Top 10 free sd card recovery software in 2020
Top 10 free sd card recovery software in 2020Top 10 free sd card recovery software in 2020
Top 10 free sd card recovery software in 2020
 
Having Bad Sectors on Hard drive?
Having Bad Sectors on Hard drive?Having Bad Sectors on Hard drive?
Having Bad Sectors on Hard drive?
 
Hard drive data recovery
Hard drive data recoveryHard drive data recovery
Hard drive data recovery
 
Recover Deleted Files from Hard Drive
Recover Deleted Files from Hard DriveRecover Deleted Files from Hard Drive
Recover Deleted Files from Hard Drive
 
CNIT 152 8. Forensic Duplication
CNIT 152 8. Forensic DuplicationCNIT 152 8. Forensic Duplication
CNIT 152 8. Forensic Duplication
 
Recover Data from Memory Card
Recover Data from Memory CardRecover Data from Memory Card
Recover Data from Memory Card
 
Sandisk card recovery guide
Sandisk card recovery guideSandisk card recovery guide
Sandisk card recovery guide
 
Backing up your computer
Backing up your computerBacking up your computer
Backing up your computer
 
Stellar phoenix dvd data recovery
Stellar phoenix dvd data recoveryStellar phoenix dvd data recovery
Stellar phoenix dvd data recovery
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
 
How to Recover Lost Files
How to Recover Lost FilesHow to Recover Lost Files
How to Recover Lost Files
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
 
Workshop 2 revised
Workshop 2 revisedWorkshop 2 revised
Workshop 2 revised
 
Memory card recovery software
Memory card recovery softwareMemory card recovery software
Memory card recovery software
 
Memory stick recovery
Memory stick recoveryMemory stick recovery
Memory stick recovery
 
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
 
One-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisOne-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic Analysis
 
Recover Data from Memory Stick
Recover Data from Memory StickRecover Data from Memory Stick
Recover Data from Memory Stick
 
Photos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" errorPhotos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" error
 

More from Caisar Oentoro

More from Caisar Oentoro (6)

D3.JS Data-Driven Documents
D3.JS Data-Driven DocumentsD3.JS Data-Driven Documents
D3.JS Data-Driven Documents
 
Android forensik
Android forensikAndroid forensik
Android forensik
 
Greedy algorithm
Greedy algorithmGreedy algorithm
Greedy algorithm
 
Mini magazine
Mini magazineMini magazine
Mini magazine
 
Metode SMART
Metode SMARTMetode SMART
Metode SMART
 
How Reflex Works
How Reflex WorksHow Reflex Works
How Reflex Works
 

Recently uploaded

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 

Android forensik 4

  • 1. Android Forensic Digital Image Recovery by Group 15
  • 2. Highlight Step 1 Step 2 Data Step 3 Presentation Identification Preservation Analysis
  • 3. Sceneario • Format SDCard for testing (full format / fill zero) 1 • Copy evidence file(s) to external & internal memory card 2 • Get images from external & internal memory with USB Image Tools & dd command 2 • Delete the evidence file(s) (in this case as .JPEG image) with local application (ES Explorer) 3 • Get images (again) from external & internal memory with USB Image Tools & dd command 4 • Extract all kind of files from both images with Files Scavenger. 5 • Compares extracted and founded evidences with real file(s) with JPEGNoob 6 • If the same, then recovery process is successfull 7
  • 4. Phone Identification Android System Info
  • 5. Data Preservation Creating Internal Memory’s Image Files: dd command : dd if=/dev/mtd/mtdx of=/mnt/sdcard bs=4096
  • 6. Data Preservation Creating External Memory’s Image Files: 1. Enable USB Mode 2. Create Images with USB Image Tool 3. [Optional] Can use md5 checking
  • 7. Analysis • Use File Scavenger to acquire all (deleted + hidden) data • Find ‘likely’ successfull recovered digital picture (cause sometimes the recovered image/picture has different name). • Compare real image and recovered image with JPEGSnoop (For JPEG)
  • 8. Before and After Formatting with Android Format Utility
  • 10. Conclusion • Recovering data in internal memory card was very hard to do especially if the memory size is small, because usually it will automatically ‘fully deleted’ • In External Memory, deleting files doesn’t delete the real files. The deleted files still resident the memory in, often in the same path.