Examining an Android Device with Santoku

00:00

hi and welcome to every day to show forensics I'm your hostess than you said. And in today's module of mobile friends Extra. We're gonna examine an android device using Setsuko

00:10

in today's video using my own personal 100

00:13

which is a sense on galaxy as Tom. I'm gonna go ahead and examine the device itself using the A f Logical or C Command within Cinta Ku.

00:25

So before that, what is a TV?

00:32

As stated in the previous video, A TV is your Andrew Debug Bridge. It's a command line tool for communicating and running commands to any attach enjoyed. It supports device actions such as application, installation and the bugging up. It also grants you a UNIX shouts have been various commands

00:49

and navigate through the device as you would in a terminal.

00:53

What are the three components of the and you're in T Pub Bridge.

01:00

You were quite your team in on your server,

01:03

so now we move on, said Zama with Setsuko. Ooh, I've connected my Andrew device to my work station

01:11

on the Verify that the baby

01:14

a B command communicates to the device itself. SoCal hadn't start their server. There's two ways to start be 88 db server. You can either do 80 B devices which will display this device is if the demon has not started, it will start it for you. Or you can do 80 b

01:30

start sash server.

01:34

So you see, we have a list of devices and they're attached. If it's not attached, it'll tell you either unauthorized or not touched, and we'll run the A f logical O S E tool.

01:46

As you can see, l trump see four information. So where to put this file information into

01:52

On the top, you have your intense if you go back to your and juried structure. Intent was part of your frameworks. An entrant intense is an intention to perform in action. So as you can see, the intention of this was to run the command com dot v forensics on android dot a f logical osc.

02:10

They intend Twister

02:13

run some forensics activity.

02:15

You enter the location where you want put this so far under your home directory lot A f logical data. And in this case, I put cell phone. We're examining my cell phone.

02:27

The tour runs and at the end of a tiny number of house. It pulls the number files it skips and the information on the data transfer

02:34

just from the list, you can see that we've created see SV's for SMS call logs, contents and mm pests. You also have some additional information, such as you resize emergency and emergency with some values,

02:51

So the emergency is an interesting item to see here.

02:54

One's Eric said that he pushed some combination of buttons on my cell phone,

02:59

and now we did a call my husband. But it also sends them a message and and send some my location.

03:06

This information is stored on your device and can be pulled.

03:09

The emergency information here,

03:13

as you can see, was based on that events. So not only can I put SMS and MM X files, but if any situation you could use your emergency, that data is stored and easy pulled, gruesome took, and then that information can be reviewed.

03:32

Let's go examine this information or go through to the call logs Contents SMS.

03:40

Now SMS is a particularly interesting information. I use WhatsApp and signal to send out information. As I stated earlier, your day is under epoch, but I send lots of messages and was quite suppresses. See, only seven different values be shown.

04:00

I anticipated the fact that any number that did not

04:03

far under signal or did not fall Underwood's AB

04:09

was going to be shown. However, I got seven results

04:13

and this will give you a break down of us mess. And if you school on the right, you can see the information that was actually generated in those s EMAs,

04:23

do you get so similar data in your mm mm Us

04:28

has not some additional information that I'm not gonna go into.

04:39

So I hope you enjoyed today's video

04:41

and so I was very. We went over how to run the A f logical Olesky command within some Dooku reexamines my personal cell phone which is a galaxy as 10

04:51

and saw the information that could be pulled Using this command such as your SMS,

04:58

you're MSs your car locks Antin. If emergency was ran through your phone, you got that data as well.

05:06

So in future videos will be examined, the images that required doing the accusation of age of this module will be performing some data carving and central graphic techniques.

05:17

We're reviewing how to property track and execute malicious files and export additional professional tools and both of beginner and advanced level to get you more familiar with the products that are out there.