It is getting harder and harder for forensic tools to extract evidence from smartphones running Android 7 and above. You may be able to acquire a physical image in Bootloader mode or via Smart ADB, but don't celebrate too early: remember FDE (full-disk encryption). If a forensic tool cannot decrypt that physical image, the image is nothing more than a meaningless "black box" in your hand.

There is no way to gain root privileges on phones running Android 7 and above. So what else can be done? Fortunately, once you have the pattern or password, you can enable USB debugging and change whatever settings are needed to make a "downgrade extraction" possible. That is the key to getting the evidence out of the apps you are interested in.

Let's take WeChat on a phone running Android Pie as an example.

First we have to download an older version of the WeChat APK. Then we uninstall the current version of WeChat from the phone without losing its data. The most important thing is to remember the "-k" parameter when uninstalling WeChat, so that all of WeChat's data is kept safe and sound.

What's next? Install the old WeChat APK? No, that won't work unless you reboot the phone first.

After rebooting we can use an adb command to install the older WeChat APK. Which older version do you need? One that still permits adb backup, of course. Not sure? Just look at its AndroidManifest.xml and check that allowBackup is enabled. Install it and the result is "Success". Surprised? Keep in mind: do not open WeChat now!

Now we can use adb backup to extract WeChat. The output is a .ab file, which you have to convert to a .tar file.

How do you deal with a .ab file? You can use the Android Backup Extractor jar to unpack it.

Extract the .tar file and make sure you have the database file containing the chat history. Yes, that's it. Don't forget that EnMicroMsg.db is encrypted; take a look at my earlier post and you will know what to do.
