[Q] Mobile Device Forensics - General Topics

Looking for developers who can help bring this project to life, and general discussion of how it could be done.
In the computer forensics field, when you want to see what the system was running, you make a forensic image of the hard drive (which is a bit-by-bit copy of the entire hard drive) and use that image file in a virtual setting to boot the machine.
I can obtain complete physical dumps of cell phones (most anyway), but how can I now virtualize that BIN file to see how the device looked to the user? What was on their home screen? Icon placement, etc.?
The main reason to run with this in a virtual environment is that it is hard to set up a test phone to the exact specs of the user's device.
So how can this be done using SDK development tools, or would you need to build a program from the ground up?
Ideas?
Thoughts?
Has this already been done and I am just not aware of it?

[Q] Down and Dirty with Smartphones - how to read the entire memory

Hi all,
I hope I'm doing this in the right forum. I have an ambitious project I want to do.
I want to be able to read the entire contents of a smart phone.
Currently I plug, say a generic Windows Mobile phone into my PC, and using Active Sync, it shows the files on my device. I want to go beyond that and essentially see everything, the unused storage etc. Similar to how programs can see each sector on a computer hard drive, not just the files visible to the operating system.
There may be an easy way to do this, but I've done some searching and can't seem to find it.
I guess the first place for me to start is getting to know the architecture of the generic smartphone. I'm making an assumption that most smartphones which can run Windows Mobile, Android, Linux, etc have the same architecture (I won't be looking into Blackberry/RIM, Palm, or iPhone).
I understand that the processors for these smartphones are mostly ARM, and use the ARM instruction set. From what I can make out also, these phones store the OS/ROM in memory (which I'm assuming is flash), and the applications and files are also stored in the same place.
Does anyone know where I can find info on the architecture of these phones? Or know of a good place to start looking? Or have any advice for me?
Thanks ahead

[Q] Imaging the File System

I am working on a project at work concerning the HTC Touch Pro (Fuze) running 6.1. We are looking to take a forensic image of the device from the file system up. Our traditional software for imaging other types of drives (hard, flash, etc.) can only see the existing files on the device. We want to be able to perform a full acquisition.
I know this is possible on Android devices, I've spent a lot of time doing it. On Android devices I am able to use Android SDK/ADB to copy the mmcblk files from the device to the host computer.
I have the Windows SDK in Visual Studio. Is there something similar to ADB for Windows? I basically just need a command-line interface with which to communicate with the phone.
Any information would be appreciated!
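The Android acquisition mentioned above (copying the raw mmcblk device over ADB) as an added example, not code from the poster: it streams the block device to the host and records a device-side hash so the copy can be verified. It assumes adb is on PATH, the device is authorized for debugging, and a root shell (su) is available on it; /dev/block/mmcblk0 is the usual whole-eMMC device and the output name is arbitrary.

```shell
#!/bin/sh
# Added example: raw block-device acquisition over ADB with hash verification.
# Assumes adb on PATH, an authorized device, and a working 'su' on it.
set -eu

# Build the device-side command string. Returned as text so it can be
# reviewed (and tested) without a device attached; dd only reads the device.
device_cmd() {
    # $1 = block device path on the device, e.g. /dev/block/mmcblk0
    printf 'su -c "dd if=%s bs=4096 2>/dev/null"' "$1"
}

# Stream the raw device into a local file. 'adb exec-out' passes binary
# data through unmodified; 'adb shell' may mangle line endings on some hosts.
acquire_image() {
    dev="$1"; out="$2"
    adb exec-out "$(device_cmd "$dev")" > "$out"
    # Hash the source on the device as well, so the local copy can be compared.
    adb shell "su -c 'sha256sum $dev'" | awk '{print $1}' > "$out.device.sha256"
}

# Compare the local file's hash with the recorded device-side hash.
# Returns 0 on match, 1 on mismatch (an incomplete or corrupted transfer).
verify_image() {
    out="$1"
    local_hash=$(sha256sum "$out" | awk '{print $1}')
    dev_hash=$(cat "$out.device.sha256")
    if [ "$local_hash" = "$dev_hash" ]; then
        echo "OK $local_hash"
        return 0
    fi
    echo "MISMATCH local=$local_hash device=$dev_hash"
    return 1
}
```

Typical use is `acquire_image /dev/block/mmcblk0 fuze.bin && verify_image fuze.bin`; a mismatch means the image should not be relied on.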
I think MobilMon can monitor file system activity and allow it to keep a log on the device.

[Q] Large Android TV set top box deployment

Hello All,
I originally posted this question in the Android general forum but I didn't get any traction so I'm posting here in the hopes of finding some folks in the community with ideas for this project. I work for a not-for-profit children's hospital. The idea is to create a patient entertainment system (think the LodgeNET style systems in hotel rooms) using less expensive and more open hardware/software. We've purchased a few Android based set top boxes such as the EnjoyTV (I'd post the link but it won't let me) and have managed to get them configured the way we want.
The situation we're struggling with now is managing 200+ of these boxes out in the field. I have a few ideas but no one here really with the Android experience to bounce them off of.
Some thoughts:
- We would like to be able to completely reset the device to 'factory' defaults when patients leave rather than worry about locking down the devices too much.
- We would need the defaults to be our configuration, specific applications installed and perhaps even some hospital branding involved.
- I know I can reconfigure the ADB daemon on the device to listen on the ethernet port as opposed to USB.
- In doing so there is no security but I can handle security in the network layer using ACLs etc.
- I should then be able to use remote ADB commands to reset the device, which I can script, but what will get reset? Will my customizations/apps go away? Will I have to compile a custom ROM?
- Is there a better direction to go in entirely?
Any help or even just a jab in the right direction would be GREATLY appreciated, both by myself and the kids who will benefit while they're here.
Hi,
I think you need an MDM solution.
Ideally you might want to get Device admin rights and then reset it remotely easily.

turning an existing android phone to a virtual machine

Hi guys, I wanna turn my phone into a virtual machine so that I can use it in another phone/device, but I did not see any means/process to do it.
Can anyone tell me how to virtualize my phone for use in other devices? (Also RAM and storage will be virtual too.)
So I wanna ask this question: has anyone done this before, which means did you use it to do it?
What do you mean?
To run a VM (guest OS) in any case a hypervisor OS (host) is needed.
Look also inside here:
Can You Run a Virtual Machine on a Smartphone? How Does It Work? (www.makeuseof.com)
To turn your phone into a virtual OS for use in another device.
Yes, but I want to make my OS a guest OS in other Android phones, but I don't know how to make it be a guest OS so that other phones can use it.
But does it have hardware acceleration?
I think you're confused about the concept of a VM.
A VM is a container within a host system which is allocated a portion of the host's physical resources for the purpose of running a guest OS (this is the VM) within it.
So to say you want to turn your Android into a VM shows clearly your confusion (nobody knows anything until they've learnt it; all good!).
For example, it would be more appropriate to ask this:
Is it possible to create an iOS VM on an Android (host) device with part of my Android's resources (memory, storage space, interfaces etc.)?
The answer? Ask the experts, this is my first post.
Take care

Development Environment Setup: Hardware?

Asking this question because the attempt to get TWRP on my device is becoming a compound problem as the distance to being able to build it approaches 1. Otherwise known as the law of inverse noobness: hindsight is always 20/20. Personally, not even halfway to 1 in being able to do this, as I am fairly new to doing things at the operating system level of programming. Not brand-new though, and knowing how and where to look things up helps, so if you have hints or can point me in the right direction that'd be great. First question is sort of along the lines of "how do you set up your dev environment" if you want to make it modular? More precisely:
So right now, the build page for AOSP concerning my device says to use Ubuntu 14.04 and do all those things to set it up for that. Do I need to do that in order to get TWRP built for my device? To have it set up the same way as the AOSP advises? Having a different computer for each dev environment would be a bit much, but running them in qemu seems even more ridiculous. Perhaps a better idea is to set up a "build environment" on bootable USB sticks that do all the work? That would simplify a lot of things, like not having to swap out hard drives, and being able to easily clone a USB drive to "just work" and build AOSP/TWRP at will on any computer.
For reference, it is the Moto G Power (2021) "Sofia" device. They've released sources for it, but not much development going on. So learning how to do this for my device might just unlock TWRP (and with it, probably the Nethunter kernel/chroot environment) for other devices not yet supported.
Help me, help you. Thanks.
(Have other questions, too).
Why not use WSL2?
How to install Linux WSL2 on Windows 10 and Windows 11 (www.windowscentral.com)
I don't use windows.
Bump.
Asking this because it seems that, being new to programming and having no formal training, I'm missing something from tutorials (like the TWRP git page, or some of the tutorials here on this forum that haven't been updated since 2013) and other material that might be thought to be "known" or "implied", and I just can't seem to understand what. Because when I go to build projects or whatever, following tutorials to the letter, I still end up with errors and other problems that aren't covered in the tutorial. Part of that problem is installing dependencies, and then having them conflict with other installed things, like having two versions of Python and three versions of Java. So having a "build environment" to prevent conflicts is something that wasn't taught, but learned through trial and error, but that isn't the only problem I'm having.
McChadwicke said:
For reference, it is the Moto G Power (2021) "Sofia" device.
Hmm. I have the same model, but it's "borneo".
Did you build TWRP for your device? Any pointers or tips?
I usually just modify stock recovery to have rooted, permissive ADB.
I really don't need more than that in a recovery.
I haven't done much with my GP21 since the Firehose loader is restricted.
Not sure why the last reply didn't quote you...
Setting up a build environment is an evolving problem. As of this writing it seems the Ubuntu team is switching to a "pro version" system, a paywall, for some services...
Also, AOSP recommends Ubuntu 14 for a build environment. Gave up trying to run it from USBs lol, it is running on a dedicated system. But android-sdk is no longer available in apt while running Ubuntu 14.04 + latest updates? So went to check why, and now AOSP is using its own system for build environment setup and management. Tried running it in Ubuntu 14, but it gave errors with the setup script provided.
Seeing now if I can't get the android sdk to run in Mint-XFCE... Will check back. TWRP build page says I need these things to build it (TWRP), right?
Also, how much of the preinstalled vendor crud can be pruned before it breaks?
Thanks.
Edit: reference on the TWRP guide I'm using is https://forum.xda-developers.com/t/...ompile-twrp-from-source-step-by-step.3404024/ (posted 2016)
I think that all build environments are getting more restricted.
"Just do it OUR way" seems to be the new corporate slogan.
I build Android apps without Android Studio, Gradle or an IDE.
Does TWRP have its own build control system? Considering all these changes, should it?
To keep things isolated, clean and manageable on a host system that has no dev tools
or anything extra besides standard desktop stuff (under main Linux distros):
#1 For the smallest, fastest deployment of various build/dev environments I use schroot
on Devuan/Debian; it is a system to manage/automate the use of chrootable containers,
like a regular manual chroot but most things are automated/preconfigured with
just a few commands and config files.
Basically a new root filesystem (userspace) that is independent of the host's root filesystem and just
uses the host's kernel (or as much/little access to the kernel as you give it through schroot config files),
has its own packages and dependencies and will only see specific sections of the host's filesystem you give it access to, like say /src/myproject from the host. Can be a separate /home
or shared with the host, all depends on your config.
Use debootstrap to create the filesystems for containers of specific distributions/versions.
Or you can just manually copy an install and rip out the kernel etc.
(Can install Ubuntu userspace in Debian with debootstrap, if need be.)
(Like LineageOS: it was hard to find all the correct/matching dev tools under Devuan, so Ubuntu it was.)
#2 For something a bit beefier, LXC on top of libvirt.
(A regular chroot won't run services or have its own networking; LXCs can, with some extra configuration.)
#3 For when you just need an actual full-blown VM OS installation, use KVM/qemu on top of libvirt.
(Like installing 15-year-old Red Hat 5.1 in a container won't work, kernels and main libs too far apart.)
(Or anything that is just too different from the current Linux kernel, other OSs etc.)
virt-manager is nice for graphically managing VMs and LXCs.
#1 But schroot is essential and will suffice for more than 90% if not the whole 100% of your needs,
if you want to keep a clean host system from being clobbered by constant installing and testing and such. Keeps the environment contained in its own filesystem namespace; have as many as you need,
start fresh, rollback, clone etc.
Once configured, just start another tab in a terminal emulator and schroot into the container,
and your main host system is unaffected, always clean.
#4 Running all of this on top of ZFS takes it a step up, to the next level of efficiency.
ZFS helps quite a bit with cloning, branching, snapshots, rollbacks but is not essential,
like git versioning for things that are too big for or are not made for git management
(but it is another system unto itself to learn, so ignore it if new to Linux).
Just cloning a 300MB-1GB base bootstrap install folder takes no time on a regular filesystem on SSDs.
With these 3 tools, you can have 10s if not 100s of different environments on a single host,
quickly deployable once you get to know the procedures, all usable at the same time without
reboot.
#5 The most important is learning how to hunt for the right version of tools and all of the
dependencies and the correct versions of those, as each project will have their own
and will base it on their own distribution of choice at a specific point in time.
(Being able to install/test/restart in a container makes this whole process easier.)
You can test many different ideas at the same time, and merge what works into
your own dev-build-env for a specific project.
(Like hunting down the correct tutorial for a specific/old/obscure phone and a ROM and recovery
and rooting tools associated from a time long past, using the Wayback Machine to source
correct versions of each, as the normal web has erased them.)
Even used schroot to install games for my nephew from untrusted sources without hesitation,
and just delete the container when done, but that was a bit more involved as proprietary
nvidia drivers had to be installed on the host and partially in containers.
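The schroot plus debootstrap setup described in the post above, as an added example that is not dandudikof's own configuration: it bootstraps a userspace, writes the chroot definition and an fstab that bind-mounts only the host directories listed (so the build tree is visible inside, the rest of the host is not). The container name, suite, mirror, paths and user name are assumptions; the suite should match whatever the project's build docs call for (e.g. Ubuntu 14.04 for the AOSP page mentioned earlier). Requires debootstrap and schroot on the host and root to run make_build_env.

```shell
#!/bin/sh
# Added example: register a debootstrap-built userspace with schroot.
# Assumes debootstrap and schroot are installed; make_build_env needs root.
set -eu

# Render the definition for /etc/schroot/chroot.d/<name>.conf. Printed rather
# than written so it can be reviewed (and tested) before installing it.
schroot_conf() {
    name="$1"; root="$2"; user="$3"
    cat <<EOF
[$name]
description=$name build environment
type=directory
directory=$root
users=$user
root-users=$user
profile=default
# Override the default profile's mount table with our own (path is
# relative to /etc/schroot/).
setup.fstab=$name/fstab
EOF
}

# Mount table for /etc/schroot/<name>/fstab. Only these host paths are
# visible from inside the container; everything else stays hidden.
schroot_fstab() {
    src="$1"
    cat <<EOF
/proc /proc none rw,bind 0 0
/sys /sys none rw,bind 0 0
/dev /dev none rw,bind 0 0
/dev/pts /dev/pts none rw,bind 0 0
$src $src none rw,bind 0 0
EOF
}

# Create the userspace and install the schroot definition. Not exercised by
# the checks below: it needs root, network access and several minutes.
make_build_env() {
    name="$1"; suite="$2"; mirror="$3"; root="$4"; src="$5"; user="$6"
    debootstrap --variant=buildd "$suite" "$root" "$mirror"
    mkdir -p "/etc/schroot/$name"
    schroot_fstab "$src" > "/etc/schroot/$name/fstab"
    schroot_conf "$name" "$root" "$user" > "/etc/schroot/chroot.d/$name.conf"
    # Afterwards: schroot -c "$name" -u root -- apt-get install <build deps>
}
```

After `make_build_env aosp-u14 trusty http://archive.ubuntu.com/ubuntu /srv/chroots/aosp-u14 /src/myproject builder`, `schroot -c aosp-u14` from any terminal tab drops into the container with /src/myproject mounted at the same path.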
dandudikof said:
To keep things isolated, clean and manageable on a host system that has no dev tools
or anything extra besides standard desktop stuff (under main Linux distros):
#1 For the smallest, fastest deployment of various build/dev environments I use schroot
on Devuan/Debian; it is a system to manage/automate the use of chrootable containers,
like a regular manual chroot but most things are automated/preconfigured with
just a few commands and config files.
(Like hunting down the correct tutorial for a specific/old/obscure phone and a ROM and recovery
and rooting tools associated from a time long past, using the Wayback Machine to source
correct versions of each, as the normal web has erased them.)
Neat. schroot looks like a solution. Answers a lot of questions, anyway. That last part scares me though. Using the Wayback Machine to source things, jeez. There's gotta be a better way, but probably not unless I want to do it myself, which will only add time to "the project".
That was just the worst case scenario if you get into very obsolete/old/abandoned stuff (10-20 year old projects/hardware etc.).
dandudikof said:
10-20 year old
Yeah, some of the hardware is in that range. Actually upgraded one of the old rigs (because parts are cheap) from an Athlon to a Phenom lmao; the thing has 16GB RAM, it is stacked now with top-of-the-line things from that era. Keeping it around for nostalgia's sake at this point since it still works.
xmrig gets abysmal hash rates, not even worth running on older hardware.