1) Open MOBILedit Forensic Express and click "Start".
2) Connect your phone via USB. The Forensic Connector screen will appear on the phone, and MOBILedit will then find the connected phone.
[1] Shows the phone type currently connected
[2] Shows if the phone is rooted or not
Click on "Next"
3) If you see this dialog about Old Connector, click Yes and wait until the Connector updates.
4) If your phone is rooted/jailbroken, you will probably see this dialog. Confirm by clicking OK.
5) Now you are in the main dialog, where you choose what you want to do. Choose Application analysis and confirm by clicking Next.
6) Now you can see a list of all the applications installed on the mobile phone. Choose the one you want to analyze. You can either scroll through the list or type the name of the app into the find field.
Let's say you want to analyze the Ola Cabs app. Type ola in the lookup field [1] and OlaCabs will be listed. Make sure its checkbox on the right is ticked, as shown in the picture [2]. Then click Next.
7) The next frame holds details about the particular Case, Phone and Investigator. You can safely skip them all; don't fill in anything, just click the Next button.
8) This dialog is important: here you choose which output you want. If you are analyzing a particular app for the first time, you need to do a backup. It will create a backup XML file together with many other files and folders that will be discussed later. So choose MOBILedit backup and click Next.
9) The final dialog shows the Export name of the folder [1] and the Destination [2] where the export folder will be created. You can change either of these.
By default, the Export name is the name of the phone together with the timestamp of when the backup was made, and the Destination is a path you can freely set. Click Export.
10) You will see that MOBILedit has started making the backup.
11) You will be prompted to confirm the device's backup; press OK.
You will then also be prompted on your phone to back up data, so do not forget to confirm that as well.
12) If everything went OK, you will see a screen similar to this. Click on the Result folder to see the folder with the backed-up data.
13) You should have a folder at the path you specified in step 9). The folder contains mobiledit_backup.xml, other files, and a folder called backup_files. It should look something like this picture.
14) If you dig deeper into the backup_files folder, you will see it contains a subfolder called phone and a file called fileHases.csv. In the phone folder, there are 4 subfolders, possibly with further subfolders and files.
Which exact folders and files it contains and where they are is application-dependent.
In aplication0 there is a folder with the same name as the package of the application we just analyzed (in our case it is com.olacabs.customer), and inside it there is a folder called live_data containing all the data from the backed-up application.
It is generally hard to say which data are important for further processing and which folders they are in, because this differs for every application. Some applications hold all of their data here and are quite simple to process and analyze further. Other applications hold all of their data here but are quite difficult to process (the data might be encrypted, etc.). Still others don't hold much data in the folder and keep their data in the cloud, in online databases or somewhere else. How to proceed therefore has to be decided case by case.
At first sight, for example, we might see that there is a folder database, which should contain some valuable data in SQL (in SQLite files). So this is the first place to try. But here is an important note:
Never open the original database folder, because it can corrupt some data and you would have to make the backup once again.
Make a copy of the databases first, and if you want to look inside, open the copied file, NOT THE ORIGINAL ONE. What I would recommend is to copy the whole folder (to the Desktop, for example) and, when you want to open a particular file, open it from that copy.
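One way to follow this rule from a script, as an added example that is not part of MOBILedit or the original guide: it copies a folder, checks by SHA-256 that the copy matches and the original did not change, and opens the copied SQLite file read-only. The folder name, database name and table in demo() are constructed stand-ins, not real backup contents.

```python
import hashlib
import shutil
import sqlite3
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_working_copy(original: Path, workdir: Path) -> Path:
    """Copy the folder, then check the copy matches and the original is unchanged."""
    before = hash_tree(original)
    copy = Path(shutil.copytree(original, workdir / original.name))
    if hash_tree(copy) != before:
        raise RuntimeError("working copy differs from the original")
    if hash_tree(original) != before:
        raise RuntimeError("original changed while copying")
    return copy


def list_tables(db_copy: Path) -> list:
    """Open a copied SQLite file read-only (mode=ro) and return its table names."""
    conn = sqlite3.connect(db_copy.resolve().as_uri() + "?mode=ro", uri=True)
    try:
        rows = conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
        return [row[0] for row in rows]
    finally:
        conn.close()


def demo() -> list:
    """Run the workflow on a constructed stand-in for the app's databases folder."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "export" / "databases"   # constructed path
        original.mkdir(parents=True)
        conn = sqlite3.connect(original / "sample.db")   # constructed database
        conn.execute("CREATE TABLE rides (id INTEGER PRIMARY KEY, pickup TEXT)")
        conn.commit()
        conn.close()
        copy = make_working_copy(original, Path(tmp) / "work")
        return list_tables(copy / "sample.db")


if __name__ == "__main__":
    print(demo())
```

For a real export, call make_working_copy() with the database folder inside live_data and a working directory outside the export folder, then pass only paths under the returned copy to list_tables().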
In order for us to further process and analyze an application from the backup, we need the whole original folder. In our case the folder is named "Samsung Galaxy J3 2016 (2020-01-23 13h41m05s)".
Make a zip of the whole folder and send it to us via email.