It is getting more and more difficult for forensic tools to extract evidence from smartphones running Android 7 and above. Maybe you can acquire a physical image in Bootloader mode or by Smart ADB. Don't celebrate too early. Let me remind you of "FDE". The fact is that if forensic tools cannot decode this physical image, such an image is just a meaningless "black box" in your hands.

There is no way to gain root privileges on phones running Android 7 and above. What else can be done? Fortunately, once you have the pattern/password, you can enable USB debugging and change any settings you want to make "downgrade extraction" possible. That's the key to getting the evidence from the particular apps you want.

Let's take WeChat on a phone running Android Pie as an example.

First we have to download the apk file of an old version of WeChat. Then we want to uninstall the original version of WeChat on this phone without data loss. The most important thing is to remember the parameter "-k" when uninstalling WeChat, so that all of WeChat's data is kept safe and sound.

What's next? Install the old version of the WeChat apk? No, it won't work unless you reboot the phone first.

After rebooting, we can use an adb command to install the older version of the WeChat apk. Which older version of the WeChat apk do you need? Of course, a version that enables the adb backup permission. What? You are not sure? All you have to do is take a look at its manifest.xml and you can see the allowBackup permission. Let's install it, and the result is "success". Does it surprise you? Keep in mind: do not open WeChat now!

Now we can use adb backup to extract WeChat. The output file is a .ab file. You have to convert this .ab file to a .tar file.

How do you deal with a .ab file? You can take advantage of the Android Backup Extractor jar file to unpack the .ab file.

Unpack this .tar file and make sure you have the database file containing the chat history. Yes, that's it. Don't forget that EnMicroMsg.db is an encrypted file. All you have to do is look at my earlier post and you will know what to do.
