[Q] Android Forensic Application

Hey Everyone,

I'm working on an Android Forensic application to retrieve deleted text messages, email and call history from any Android device. I managed to extract several deleted records from sqlite database using my C++ app however to get the sqlite dbs I should be connected to a rooted Android device which is practically not possible as the people who will be using this app doesn't have much technical expertise and they won't be able to root the device.

To work around this problem, I'm thinking about carving sqlites from file system images and I'm very confident of doing the same once I get access to the image files. So I tried dd and nanddump but it seems like they both need write access to the partitions to dump the images.

So I'd like to know whether there is a way to dump the userdata partition without su / root permission on the device ?

Thanks for your help!


Show Accepted Answer

Guest Quick Reply (No URL, BBcode or HTML)

Last post by shanon31
3 hours ago
Last post by june.walter
1 hour ago
Last post by stanton.stone
2 hours ago
Last post by jhills
4 hours ago
Last post by ophelia.baumbach
21 minutes ago
Last post by elenor36
2 hours ago
Last post by gretchen.farrell
2 hours ago