Editor’s notes: Third-party app data, especially social apps like WhatsApp, Facebook, are usually the key targets for forensic extraction. However, because of the Android operating system and the apps’ data securities, users usually cannot have direct access to these important data.
So how do we extract app data from smartphones? Normally we need to root the device to get full access to the system before we can extract app data. But rooting is not always easy, especially with recent Android system updates.
So in this article, SalvationDATA’s forensic engineer will introduce a way to extract app data without root access by using our latest mobile forensic solution, Smartphone Forensic System Professional (SPF Pro).
First part: Create a BACKUP file on Smartphones
The trick is to make use of the Android system’s built-in backup function. Many customized Android systems provide the user with such a functionality which can be utilized for the convenience of forensic works.
In SPF Pro, our backup extraction solution is fully automatic and will help carry out the process: backup, extract, analyze, triage automatically. However, the users may still run into models which are not supported for automatic operations. So below we provide the instruction on how to manually create backup to extract app data. (Using Xiaomi as an example.)
Step1. Go to: settings page.
Step2. Type ‘backup’ on the top to search and quickly locate ‘Backup & reset’, select it.
Step3. Select ‘Local Backups’
Step4. Now select the items you would like to backup, although all the items are already selected by default.
Step5. Tap on the Backup button to start
Step6. After the backup progress is complete, you will get the Finish message on your device screen. just tap the Finish button and you have already successfully created the backup.
Second part: Start to extract the backup file by using SPF (Smartphone Forensic System)
Step1. Connect your phone to a pc, and find the backup in the SD card, from the following path:
The backup folder is named according to the time it was created.
Step2. Run our SPF Pro, create a new case or open a history case to begin your work.
Step3. Load the backup file or folder as the forensic target.
Step4. Choose ‘Automatic Logical Extraction’ and select your target app data for extraction.
Step5. Click ‘Start Extraction’ and wait for the process to complete.
Step6. Check out your extraction results and look for case-relevant data.
This article introduced a way to manually create app data backup from target smartphones and use SPF Pro to forensically analyze the data. This is a practical and easy solution to extract app data from some Android smartphones without privilege access like root.
If you would like to know more about our new generation mobile forensic product SPF Pro, please check out our website and follow our updates. We’ll be posting more practical instructions very soon!