SlideShare a Scribd company logo

Android forensik 4

Download as PPTX, PDF
Caisar Oentoro
Caisar Oentoro

This document summarizes steps for performing Android mobile device forensics: 1. Format memory cards and copy evidence files to internal and external memory. 2. Create disk images of the internal and external memory using dd and USB imaging tools before and after deleting evidence files. 3. Analyze the images using file recovery software to extract all files, then compare recovered files to originals to check if recovery was successful.

Technology
1 of 11
Android Forensic Digital Image Recovery by Group 15
Highlight Step 1 Step 2 Data Step 3 Presentation Identification Preservation Analysis
Sceneario • Format SDCard for testing (full format / fill zero) 1 • Copy evidence file(s) to external & internal memory card 2 • Get images from external & internal memory with USB Image Tools & dd command 2 • Delete the evidence file(s) (in this case as .JPEG image) with local application (ES Explorer) 3 • Get images (again) from external & internal memory with USB Image Tools & dd command 4 • Extract all kind of files from both images with Files Scavenger. 5 • Compares extracted and founded evidences with real file(s) with JPEGNoob 6 • If the same, then recovery process is successfull 7
Phone Identification Android System Info
Data Preservation Creating Internal Memory’s Image Files: dd command : dd if=/dev/mtd/mtdx of=/mnt/sdcard bs=4096
Data Preservation Creating External Memory’s Image Files: 1. Enable USB Mode 2. Create Images with USB Image Tool 3. [Optional] Can use md5 checking
Analysis • Use File Scavenger to acquire all (deleted + hidden) data • Find ‘likely’ successfull recovered digital picture (cause sometimes the recovered image/picture has different name). • Compare real image and recovered image with JPEGSnoop (For JPEG)
Before and After Formatting with Android Format Utility
Comparasion
Conclusion • Recovering data in internal memory card was very hard to do especially if the memory size is small, because usually it will automatically ‘fully deleted’ • In External Memory, deleting files doesn’t delete the real files. The deleted files still resident the memory in, often in the same path.
That’s from us

Recommended

How to Recover Deleted Files for Free with Recuva
How to Recover Deleted Files for Free with RecuvaHow to Recover Deleted Files for Free with Recuva
How to Recover Deleted Files for Free with Recuva
maggiemiao
 
Android forensik 1
Android forensik 1Android forensik 1
Android forensik 1
Caisar Oentoro
 
Android forensik 2
Android forensik 2Android forensik 2
Android forensik 2
Caisar Oentoro
 
Smartphone forensic
Smartphone forensicSmartphone forensic
Smartphone forensic
00heights
 
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Friedger Müffke
 
Sekilas tentang digital forensik
Sekilas tentang digital forensikSekilas tentang digital forensik
Sekilas tentang digital forensik
Agung Subroto
 
Bioteknologi di bidang forensik
Bioteknologi di bidang forensikBioteknologi di bidang forensik
Bioteknologi di bidang forensik
Jessy Damayanti
 
Digital forensic upload
Digital forensic uploadDigital forensic upload
Digital forensic upload
Setia Juli Irzal Ismail
 

Recommended

How to Recover Deleted Files for Free with Recuva
How to Recover Deleted Files for Free with RecuvaHow to Recover Deleted Files for Free with Recuva
How to Recover Deleted Files for Free with Recuva
maggiemiao
 
Android forensik 1
Android forensik 1Android forensik 1
Android forensik 1
Caisar Oentoro
 
Android forensik 2
Android forensik 2Android forensik 2
Android forensik 2
Caisar Oentoro
 
Smartphone forensic
Smartphone forensicSmartphone forensic
Smartphone forensic
00heights
 
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Web Wishes, Intents, Extensions, .. Friedger Müffke, droidcon London 2014
Friedger Müffke
 
Sekilas tentang digital forensik
Sekilas tentang digital forensikSekilas tentang digital forensik
Sekilas tentang digital forensik
Agung Subroto
 
Bioteknologi di bidang forensik
Bioteknologi di bidang forensikBioteknologi di bidang forensik
Bioteknologi di bidang forensik
Jessy Damayanti
 
Digital forensic upload
Digital forensic uploadDigital forensic upload
Digital forensic upload
Setia Juli Irzal Ismail
 
Android forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageAndroid forensics an Custom Recovery Image
Android forensics an Custom Recovery Image
Mohamed Khaled
 
Top 10 free sd card recovery software in 2020
Top 10 free sd card recovery software in 2020Top 10 free sd card recovery software in 2020
Top 10 free sd card recovery software in 2020
Well Wowtail
 
Having Bad Sectors on Hard drive?
Having Bad Sectors on Hard drive?Having Bad Sectors on Hard drive?
Having Bad Sectors on Hard drive?
sangysimmons
 
Hard drive data recovery
Hard drive data recoveryHard drive data recovery
Hard drive data recovery
Yodot
 
Recover Deleted Files from Hard Drive
Recover Deleted Files from Hard DriveRecover Deleted Files from Hard Drive
Recover Deleted Files from Hard Drive
Yodot
 
CNIT 152 8. Forensic Duplication
CNIT 152 8. Forensic DuplicationCNIT 152 8. Forensic Duplication
CNIT 152 8. Forensic Duplication
Sam Bowne
 
Recover Data from Memory Card
Recover Data from Memory CardRecover Data from Memory Card
Recover Data from Memory Card
Yodot
 
Sandisk card recovery guide
Sandisk card recovery guideSandisk card recovery guide
Sandisk card recovery guide
bob simpson
 
Backing up your computer
Backing up your computerBacking up your computer
Backing up your computer
clcewing
 
Stellar phoenix dvd data recovery
Stellar phoenix dvd data recoveryStellar phoenix dvd data recovery
Stellar phoenix dvd data recovery
smith bush
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
ParminderKaurBScHons
 
How to Recover Lost Files
How to Recover Lost FilesHow to Recover Lost Files
How to Recover Lost Files
Yodot
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
Sam Bowne
 
Workshop 2 revised
Workshop 2 revisedWorkshop 2 revised
Workshop 2 revised
peterchanws
 
Memory card recovery software
Memory card recovery softwareMemory card recovery software
Memory card recovery software
memory card recovery
 
Memory stick recovery
Memory stick recoveryMemory stick recovery
Memory stick recovery
Memory Stick Recovery
 
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
christinemaritza
 
One-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisOne-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic Analysis
Takahiro Haruyama
 
Recover Data from Memory Stick
Recover Data from Memory StickRecover Data from Memory Stick
Recover Data from Memory Stick
Yodot
 
Photos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" errorPhotos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" error
Macbook PhotoRecovery
 
D3.JS Data-Driven Documents
D3.JS Data-Driven DocumentsD3.JS Data-Driven Documents
D3.JS Data-Driven Documents
Caisar Oentoro
 
Android forensik
Android forensikAndroid forensik
Android forensik
Caisar Oentoro
 

More Related Content

Similar to Android forensik 4

Backing up your computer
Backing up your computerBacking up your computer
Backing up your computer
clcewing
 
Workshop 2 revised
Workshop 2 revisedWorkshop 2 revised
Workshop 2 revised
peterchanws
 
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
christinemaritza
 
One-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisOne-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic Analysis
Takahiro Haruyama
 
Photos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" errorPhotos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" error
Macbook PhotoRecovery
 

Similar to Android forensik 4 (20)

Android forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageAndroid forensics an Custom Recovery Image
Android forensics an Custom Recovery Image
 
Top 10 free sd card recovery software in 2020
Top 10 free sd card recovery software in 2020Top 10 free sd card recovery software in 2020
Top 10 free sd card recovery software in 2020
 
Having Bad Sectors on Hard drive?
Having Bad Sectors on Hard drive?Having Bad Sectors on Hard drive?
Having Bad Sectors on Hard drive?
 
Hard drive data recovery
Hard drive data recoveryHard drive data recovery
Hard drive data recovery
 
Recover Deleted Files from Hard Drive
Recover Deleted Files from Hard DriveRecover Deleted Files from Hard Drive
Recover Deleted Files from Hard Drive
 
CNIT 152 8. Forensic Duplication
CNIT 152 8. Forensic DuplicationCNIT 152 8. Forensic Duplication
CNIT 152 8. Forensic Duplication
 
Recover Data from Memory Card
Recover Data from Memory CardRecover Data from Memory Card
Recover Data from Memory Card
 
Sandisk card recovery guide
Sandisk card recovery guideSandisk card recovery guide
Sandisk card recovery guide
 
Backing up your computer
Backing up your computerBacking up your computer
Backing up your computer
 
Stellar phoenix dvd data recovery
Stellar phoenix dvd data recoveryStellar phoenix dvd data recovery
Stellar phoenix dvd data recovery
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
 
How to Recover Lost Files
How to Recover Lost FilesHow to Recover Lost Files
How to Recover Lost Files
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
 
Workshop 2 revised
Workshop 2 revisedWorkshop 2 revised
Workshop 2 revised
 
Memory card recovery software
Memory card recovery softwareMemory card recovery software
Memory card recovery software
 
Memory stick recovery
Memory stick recoveryMemory stick recovery
Memory stick recovery
 
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
 
One-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisOne-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic Analysis
 
Recover Data from Memory Stick
Recover Data from Memory StickRecover Data from Memory Stick
Recover Data from Memory Stick
 
Photos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" errorPhotos inaccessible after "Un mountable volume" error
Photos inaccessible after "Un mountable volume" error
 

More from Caisar Oentoro

More from Caisar Oentoro (6)

D3.JS Data-Driven Documents
D3.JS Data-Driven DocumentsD3.JS Data-Driven Documents
D3.JS Data-Driven Documents
 
Android forensik
Android forensikAndroid forensik
Android forensik
 
Greedy algorithm
Greedy algorithmGreedy algorithm
Greedy algorithm
 
Mini magazine
Mini magazineMini magazine
Mini magazine
 
Metode SMART
Metode SMARTMetode SMART
Metode SMART
 
How Reflex Works
How Reflex WorksHow Reflex Works
How Reflex Works
 

Recently uploaded

Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Ransomware Mallox [EN].pdf
Ransomware Mallox [EN].pdfRansomware Mallox [EN].pdf
Ransomware Mallox [EN].pdf
Overkill Security
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
UiPath New York Community Day in-person event
UiPath New York Community Day in-person eventUiPath New York Community Day in-person event
UiPath New York Community Day in-person event
DianaGray10
 

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Ransomware Mallox [EN].pdf
Ransomware Mallox [EN].pdfRansomware Mallox [EN].pdf
Ransomware Mallox [EN].pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
UiPath New York Community Day in-person event
UiPath New York Community Day in-person eventUiPath New York Community Day in-person event
UiPath New York Community Day in-person event
 

Android forensik 4

  • 1. Android Forensic Digital Image Recovery by Group 15
  • 2. Highlight Step 1 Step 2 Data Step 3 Presentation Identification Preservation Analysis
  • 3. Sceneario • Format SDCard for testing (full format / fill zero) 1 • Copy evidence file(s) to external & internal memory card 2 • Get images from external & internal memory with USB Image Tools & dd command 2 • Delete the evidence file(s) (in this case as .JPEG image) with local application (ES Explorer) 3 • Get images (again) from external & internal memory with USB Image Tools & dd command 4 • Extract all kind of files from both images with Files Scavenger. 5 • Compares extracted and founded evidences with real file(s) with JPEGNoob 6 • If the same, then recovery process is successfull 7
  • 4. Phone Identification Android System Info
  • 5. Data Preservation Creating Internal Memory’s Image Files: dd command : dd if=/dev/mtd/mtdx of=/mnt/sdcard bs=4096
  • 6. Data Preservation Creating External Memory’s Image Files: 1. Enable USB Mode 2. Create Images with USB Image Tool 3. [Optional] Can use md5 checking
  • 7. Analysis • Use File Scavenger to acquire all (deleted + hidden) data • Find ‘likely’ successfull recovered digital picture (cause sometimes the recovered image/picture has different name). • Compare real image and recovered image with JPEGSnoop (For JPEG)
  • 8. Before and After Formatting with Android Format Utility
  • 10. Conclusion • Recovering data in internal memory card was very hard to do especially if the memory size is small, because usually it will automatically ‘fully deleted’ • In External Memory, deleting files doesn’t delete the real files. The deleted files still resident the memory in, often in the same path.