Digital Forensic Scientist

less than 1 minute read

In this video, we look at the android_triage utility that helps with fast android logical acquisitions. It uses the Android Debug Bridge (adb) to connect to a target android device and extract system information, log files, initiate backups, and do a full file system extraction. The result is a comprehensive dump of Android data without needing to memorize many adb commands.

android_triage is also set up to respect the Order of Volatility in the phone. Just use the features in order, and you will run from least invasive to most invasive. android_triage is pre-installed in Tsurugi Linux, which is the operating system we used for this example.

You may also enjoy

iLEAPP and RLEAPP updates and dev thoughts

Alex (@kviddy) has been pushing some extremely useful updates to the open-source Android forensic tool - [ALEAPP](https://github.com/abrignoni/ALEAPP]. Speci...

What data can you find in RAM?

To determine if you need to collect Random Access Memory on-scene, it is useful to know what kinda of investigation-relevant data is often available in RAM.

Modular artifact scripts coming to iLEAPP

kviddy has been pushing some great core updates to ALEAPP. Specifically, artifact scripts are now self-contained. This means that script authors no longer ne...