Bash script to extract data from an Android device
Developed and tested on Mac OS X Mojave (10.14.6), but should also work on Linux
Mandatory Requirements
- adb (https://developer.android.com/studio/releases/platform-tools)
- dialog (for Mac OS X see here http://macappstore.org/dialog/)
How to use it
- Activate ADB on the Android Device
- Connect and pair the Android Device and the host
- Make the script executable (chmod +x android_triage.sh)
- Execute the script and follow the instructions
See also the original blog post here
https://blog.digital-forensics.it/2021/03/triaging-modern-android-devices-aka.html
Version 1.0 [30/3/2020]
First release
Version 1.1 [30/3/2020]
- Added "-keyvalue" in the ADB backup command (Thanks Yogesh Khatri - @SwiftForensics)
- Added option 10 to dump file system folders and files not requiring root privileges
- Minor fixes
Version 1.2 [3/4/2020]
- Added "dumpsys diskstats" processing (credits https://android.stackexchange.com/questions/220442/obtaining-app-storage-details-via-adb)
- Added "appops" processing (credits https://android.stackexchange.com/questions/226282/how-can-i-see-which-applications-is-reading-the-clipboard)
- Minor additions
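
The per-package storage arrays printed by "dumpsys diskstats" (the data behind the Version 1.2 processing) can be turned into one row per app for triage notes. This is an added example, not code from android_triage.sh: the function names diskstats_to_tsv and sample_diskstats and the sample output are constructed for illustration, and the line labels assume the format printed by recent Android releases.

```shell
#!/usr/bin/env bash
# Added example (not part of android_triage.sh).
# On a live device: adb shell dumpsys diskstats | diskstats_to_tsv

# Read `dumpsys diskstats` text on stdin and emit one TSV row per package:
# package <TAB> app bytes <TAB> data bytes <TAB> cache bytes
diskstats_to_tsv() {
  awk '
    # Keep only what sits between "[" and "]", drop quotes, split on commas.
    function load(line, arr) {
      line = substr(line, index(line, "[") + 1)
      sub(/\].*$/, "", line)          # also discards a trailing CR from adb
      gsub(/"/, "", line)
      return split(line, arr, ",")
    }
    /^Package Names:/  { np = load($0, pkg) }
    /^App Sizes:/      { na = load($0, app) }
    /^App Data Sizes:/ { nd = load($0, dat) }
    /^Cache Sizes:/    { nc = load($0, cch) }
    END {
      # Refuse to pair values if an array is missing or the lengths differ:
      # a misaligned row would attribute storage to the wrong package.
      if (np == 0 || np != na || np != nd || np != nc) {
        print "diskstats: per-package arrays missing or unequal" > "/dev/stderr"
        exit 1
      }
      for (i = 1; i <= np; i++)
        printf "%s\t%s\t%s\t%s\n", pkg[i], app[i], dat[i], cch[i]
    }
  '
}

# Constructed sample output (hypothetical packages and sizes).
sample_diskstats() {
  cat <<'EOF'
Data-Free: 23456789K / 56789012K total = 41% free
App Size: 94371840
App Data Size: 110100480
App Cache Size: 3145728
Package Names: ["com.example.notes","com.example.chat","com.example.maps"]
App Sizes: [10485760,52428800,31457280]
App Data Sizes: [1048576,104857600,4194304]
Cache Sizes: [524288,2097152,524288]
EOF
}

sample_diskstats | diskstats_to_tsv
```

A non-zero exit status means the arrays could not be paired safely, so keep the raw dumpsys output alongside any derived table.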