Skip to content

Commit d6530cd

Browse files
roareeroaree
authored
Expand explanations of data collected
1 parent f77a04f commit d6530cd

File tree

1 file changed

+54
-11
lines changed

1 file changed

+54
-11
lines changed

README.md

Lines changed: 54 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -40,17 +40,60 @@ Now androidqf should be executing and creating an acquisition folder at the same
4040

4141
The following data can be extracted:
4242

43-
1. (Optional) A full backup or backup of SMS and MMS messages.
44-
2. The output of the getprop shell command, providing build information and configuration parameters.
45-
3. All system settings.
46-
4. The output of the ps shell command, providing a list of all running processes.
47-
5. The list of system's services.
48-
6. A copy of all the logs from the system.
49-
7. The output of the dumpsys shell command, providing diagnostic information about the device.
50-
8. A list of all packages installed and related distribution files.
51-
9. (Optional) Copy of all installed APKs or of only those not marked as system apps.
52-
10. A list of files on the system.
53-
11. A copy of the files available in temp folders.
43+
| Data | Optional? | Output path(s) |
44+
|------|-----------|----------------|
45+
| A full backup or backup of SMS and MMS messages. | :white_check_mark: | `backup.ab` |
46+
| The output of the getprop shell command, providing build information and configuration parameters. | | `getprop.txt` |
47+
| All system settings | | `settings_*.txt` |
48+
| The output of the ps shell command, providing a list of all running processes. | | `processes.txt` |
49+
| The list of system's services. | | `services.txt` |
50+
| A copy of all the logs from the system. | | `logs/`, `logcat.txt` |
51+
| The output of the dumpsys shell command, providing diagnostic information about the device. | | `dumpsys.txt` |
52+
| A list of all packages installed and related distribution files. | | `packages.json` |
53+
| Copy of all installed APKs or of only those not marked as system apps. || `apks/*` |
54+
| A list of files on the system. | | `files.json` |
55+
| A copy of the files available in temp folders. | | `tmp/*` |
56+
57+
### About optional data collection
58+
59+
#### Backup
60+
61+
The following options are presented when running an androidqf collection:
62+
63+
```
64+
Would you like to take a backup of the device?
65+
...
66+
? Backup:
67+
▸ Only SMS
68+
Everything
69+
No backup
70+
```
71+
72+
These options refers to data collected from the device by running the `adb backup` command in the background. If `No backup` is selected, the `adb backup` command is not run.
73+
74+
| Option | Explanation |
75+
|--------|-------------|
76+
| Only SMS | `adb backup com.android.providers.telephony` is run. Only data from `com.android.providers.telephony` is collected. This includes the SMS database. |
77+
| Everything | `adb backup -all` is run. This requests backups of only apps that have explicitly allowed backups of their data via this method. Since Android 12+, this method doesn’t extract anything for almost all apps.|
78+
| No backup | `adb backup` is not run |
79+
80+
### Downloading copies of apps
81+
82+
```
83+
Would you like to download copies of all apps or only non-system ones?
84+
85+
? Download:
86+
▸ All
87+
Only non-system packages
88+
Do not download any
89+
```
90+
91+
| Option | Explanation |
92+
|--------|-------------|
93+
| All | All installed packages will be retrieved from the phone |
94+
| Only non-system packages | Don't download any packages listed in `adb pm list packages -s` |
95+
| Do not download any | Don't download any packages |
96+
5497

5598
## Encryption & Potential Threats
5699

0 commit comments

Comments
 (0)