Editor’s notes: In our recent blog posts, we introduced a practical solution to collect app data from smartphones without privilege access like root – Backup Extraction.
However, Backup Extraction is not always possible because not all smartphone manufacturers provide the users with the access to create backups. In this article, SalvationDATA’s forensic experts will show you how to easily collect app data from unrooted smartphones by downgrade extraction.
What is downgrade extraction?
In order to collect app evidence data, mobile forensic experts tried to use adb backup to acquire app data. At first, it worked, but today it doesn’t anymore because recent updated third-party apps have already disabled adb backup permission in consideration of user’s private data security. This is why downgrade backup is invented. The idea of downgrade backup is simple, we downgrade the target app to an old version where adb backup is allowed, and we use this old version to create a backup and then use a forensic tool to analyze it.
The key step of a downgrade forensic process is to uninstall the original version app without touching the user’s data. This is realized by a special adb command line:
>adb shell pm uninstall –k com.whatsapp
In this command line, ‘-k’ ensures the user’s data is kept safe when uninstalling the target application like WhatsApp. Downgrade extraction is usually meant for experienced forensic experts because if not handled with care, there’s a high risk of losing valuable evidence data forever. However, in our new generation mobile forensic product SmartPhone Forensic System Professional (SPF Pro), backup extraction is made fully automatic, and easy to use for inexperienced forensic investigators! Now let’s see how to utilize this solution in SPF Pro to collect app data from unrooted smartphones.
How to use SPF Pro to perform an automatic downgrade extraction process?
Step 1. Connect the smartphone to the PC and run SPF Pro. Create a new case or load an existing case to enter the extraction home page. Click ‘Downgrade Extraction’ from the solution list.
Step 2. Check your target apps for extraction, then click ‘Start Extraction’ to begin the process.
- If your Android version is 6.0 or higher, the smartphone will reboot during the system, please unlock the screen as soon as the reboot is complete.
- SPF Pro then will automatically backup the apk, and downgrade the app to an old version. Please make sure to allow install via USB
- And finally, after downgrade successful, click ‘BACK UP MY DATA’ to start creating a backup.
Step 4. After that, SPF Pro will automatically extract the backup files and begin forensic acquisition. At the end of the process, SPF Pro will restore the original app, make sure to allow installation again.
Downgrade extraction is another solution to extract app data without root or jailbreak. It is able to extract data when you cannot acquire root access for your target device. SPF Pro helps the users to complete a downgrade extraction process automatically, avoiding the risks or losing valuable user’s data.
Come and check out our resource page, download SPF Pro and begin your trial for free!