How to make an application backup
1) Open MOBILedit Forensic Express and click "Start"
2) Plug your phone to USB. You will
see that on your phone Forensic Connector screen will show up. MOBILedit will then find the connected phone.
[1] Shows the phone type currently connected
[2] Shows if the phone is rooted or not
[2] Shows if the phone is rooted or not
Click on "Next"
3) if you see this dialog about Old
Connector, click Yes and wait until the Connector updates
4) If your phone is rooted/jailbroken,
you will probably see this dialog. Confirm by clicking OK
5) Now you are in the main dialog
where you choose what you want to do. Choose Application analysis and confirm by
clicking Next
6) Now you can see a list of all the
applications installed in the mobile phone. Choose the one you want to analyze.
You can either scroll down with the scrollbar or use the find field where you can write down the name of the app.
Let' s say you want to analyze Ola
Cabs app. Write ola in the lookup field
[1], OlaCabs will be listed. Make sure you check it up in the right box as shown in the picture [2]. Then click Next.
7) In another frame, there are details about the particular Case, Phone and Investigator. You can safely skip them all, don’t fill anything just hit the Next button.
8) This dialog is important, here you
choose, which output you want to have. If you are analyzing a particular app
for the first time, you need to do a backup. It will create a backup XML file
together with many other files and folders that will be discussed later. So
choose MOBILedit backup and hit Next
9) The final shows the Export name of
the folder [1] and the Destination [2] where the export folder will be. You
can change either of these.
By default, the Export name is the name of the phone
together with timestamp when the backup was done and Destination is a path you can freely set. Click Export
10) You will see MOBILedit started to
make the backup
11) You will be prompt to confirm device's backup, press OK.
Then you will also be prompt to Back up data on your phone, so do not forget to confirm that as well.
12) When everything went OK, you will
see a screen similar to this. Click on the Result folder to see the folder with
backed up data
13) You should have a folder at the
path you specified in the step 9). The folder contains mobiledit_backup.xml and
other files and folder backup_files. It should look something like this picture
14) If you dig deeper into the
backup_files folder, you will see it contains other subfolders called phone and
file called fileHases.csv. In the phone folder, there are 4 subfolders with
possible other sub/subfolders and files.
Which exact folders and files it
contains and where they are is application-dependent.
In aplication0 there is a
folder with the same name as is the name of the application package we just
analyzed (in our case it is com.olacabs.customer), and inside there is a folder
called live_data containing all the data from the backed-up application,
It is generally hard to say which data
are important for further processing, and in which folders they are, because it is
different for each and every application. Some applications hold all of their data
here and are quite simple for further processing and analyzing, other
applications contain all of the data, but are quite difficult for further
processing (they might encrypted etc..) and other applications don’t hold much
data in the folder, but hold their data somewhere on the cloud in online databases or somewhere else. Thus, it is always from case to case how to do further
processing.
But from the first sight, for example, we might see that there is a folder database, and it should contain some
valuable data in SQL (in SQLite files). So this is the way to go to try it first.
But here is an important note:
Never open the original database folder,
because it can corrupt some data and you would have to make the backup once again.
Make a copy of the databases first, and if you want to look inside,
open the copied file, NOT THE ORIGINAL ONE. What I would recommend is to
copy the whole folder (to Desktop for example) and when you want to open a
particular file, open it from that copy.
In order for us to further process and
analyze an application from the backup, we need the whole original folder. In
our case the folder has name "Samsung
Galaxy J3 2016 (2020-01-23 13h41m05s)".
Make a zip of the whole folder and
send it to us via email.
Related Articles
Huawei backup
This option allows users to extract even more data from Huawei devices than they would be able to get while extracting from live connected phone. Basically all you need to do is create and save a backup of your Huawei device using HiSuite software ...Backup overview
Backup is a useful function to save your valuable data (like contacts, SMS messages, organizer, files, etc) from your mobile phone and SIM card. If you lose your phone, you still have your data safely stored in MOBILedit This feature allows you to ...Samsung Smart Switch backup
MOBILedit Forensic Express can now load and analyze Samsung Smart Switch backup files. Below you can find a guide on how to create this backup and load in our Forensic Express. Open the Smart Switch app on your Samsung device and select the ...Backup: what to backup
When you start a backup you have to select what type of backup you want to perform. According to your device there could be multiple options to choose from. In the case of Android you can select basic MOBILedit backup (which can backup contacts, ...What to do to make reports smaller?
As a forensic expert, who is working with the evidence and a lot of reports on daily basis you might find this article very useful. it brings you some tips which can makes your daily duties much easier. Split the PDF report file to multiple files. ...