It is becoming more and more difficult for forensic tools to extract evidence from smartphones running Android 7 and above. Maybe you could acquire a physical image in Bootloader mode or by Smart ADB. Don't celebrate too early. Let me remind you of "FDE". The fact is that if forensic tools cannot decode this physical image, the image is just a meaningless "black box" in your hands.

There is no way to gain root privileges on phones running Android 7 and above. What else can be done? Fortunately, once you have the pattern/password, you can enable USB debugging and change any settings you want to make "Downgrade extraction" possible. That's the key to getting the evidence from the particular apps you want.

Let's take WeChat on a phone running Android Pie as an example.

First we have to download an old version of the WeChat apk file. Then we want to uninstall the original version of WeChat on this phone without data loss. The most important thing is to remember the parameter "-k" when uninstalling WeChat, so that all of WeChat's data is kept safe and sound.

What's next? Install the old version of the WeChat apk? No, it won't work unless you reboot the phone first.

After rebooting, we can use an adb command to install the older version of the WeChat apk. What kind of older version do you need? Of course, a version that enables the adb backup permission. Not sure whether it does? All you have to do is take a look at its manifest (AndroidManifest.xml) and check the allowBackup setting. Let's install, and the result is "success". Does that surprise you? Keep in mind: do not open WeChat now!

Now we can use adb backup to extract WeChat's data. The output file is a .ab file. You have to convert this .ab file to a .tar file.

How do you deal with a .ab file? You can use the Android Backup Extractor jar file to unpack it.

Unpack this .tar file and make sure you have the database file containing the chat history. Yes, that's it. Don't forget that EnMicroMsg.db is an encrypted file. All you have to do is look at my earlier post and you will know what to do.
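What the .ab to .tar conversion does, as an added example that is not part of the original post: an .ab file is a four-line text header followed by a tar stream that is normally zlib-compressed, so an unencrypted backup can be converted with a few lines of Python. The package name, file name and header values in the sample are constructed for illustration.

```python
import io
import tarfile
import zlib

def parse_ab_header(data):
    """Parse the four text lines that precede the payload of an .ab file."""
    fields, pos = [], 0
    for _ in range(4):
        end = data.index(b"\n", pos)      # ValueError if the header is cut short
        fields.append(data[pos:end].decode("ascii"))
        pos = end + 1
    magic, version, compressed, encryption = fields
    if magic != "ANDROID BACKUP":
        raise ValueError("not an Android backup file")
    return {"version": int(version), "compressed": compressed == "1",
            "encryption": encryption}, pos

def ab_to_tar(data):
    """Return the tar stream contained in an unencrypted .ab file."""
    header, offset = parse_ab_header(data)
    if header["encryption"] != "none":
        raise ValueError("backup is encrypted (%s); the backup password is required"
                         % header["encryption"])
    payload = data[offset:]
    if header["compressed"]:
        inflater = zlib.decompressobj()   # also tolerates a truncated stream
        payload = inflater.decompress(payload) + inflater.flush()
    return payload

def list_members(tar_bytes):
    """List the paths stored in the extracted tar stream."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        return [member.name for member in tar.getmembers()]

def build_sample_ab():
    """Constructed sample: one placeholder file under a made-up package name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        body = b"constructed placeholder"
        info = tarfile.TarInfo("apps/com.example.chat/db/sample.db")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return b"ANDROID BACKUP\n5\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    print(list_members(ab_to_tar(build_sample_ab())))
```

If the header's encryption field is not "none", the backup was made with a backup password and this conversion does not apply.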
