
The latest version of Belkasoft X includes a new method for capturing data from Android devices: automatic screenshots for popular apps. The method is based on the ADB protocol and has the same requirements as a backup: the phone must be unlocked and developer mode must be enabled.


Android acquisition methods in Belkasoft X

Why use Android screen capturing?

Why use this method if you can make a backup with the same requirements?

There are several reasons to use the automated screen capturing method:

  • Many apps’ data will not make it into a backup, while the data is stored on the device and is visible when manually reviewed
  • App data may be encrypted and inaccessible even if it gets into a backup (decryption may require an encryption key that is not included in the backup)
  • Even when an application's data can be acquired by downgrading the app version, that method has its own risks, whereas taking screenshots is perfectly safe. Following generally accepted rules, in particular the SANS ‘Six steps’ article, the investigator should use the least risky and least destructive methods of data extraction first, which means that screenshots should be taken before trying to downgrade the application
  • Screenshots can also be taken manually by scrolling through the app data and photographing the device with a camera, but this is time-consuming and error-prone

The Screen Capturing method implemented in the latest version of Belkasoft X has other advantages:

  • It is quick. Unlike manual scrolling and photographing, the product spends just a couple of seconds per screen
  • It is accurate. Each screen is positioned so that screenshots do not overlap and, more importantly, so that there are no ‘holes’ between screenshots that lead to loss of data. Such an error is quite easy to make at the end of several hours of taking screenshots manually!
  • You can set a limit on the number of screens to capture. Years of correspondence history with a single recipient can stall the capture of correspondence with the profile owner's other contacts. That is why in Belkasoft X you can specify how many of the most recent messages or calls you are interested in. For example, by specifying the last 10 messages you can limit the capture time to a few minutes, which is useful when you are short on time.

What apps are currently supported?

The current version of Belkasoft X supports screen capturing of the following applications:

  1. Signal
  2. Telegram
  3. WhatsApp

The user can capture screens with text messages as well as call history.

How to collect the data?

  1. Connect an Android device to a computer with Belkasoft X
  2. Allow USB debugging mode within Developer options (Settings\System\Developer options\USB debugging turned on)
  3. Turn on Airplane mode on the phone
  4. Run Belkasoft X, create a new case or open an existing one
  5. Go to: Add a data source—Acquire—Mobile—Android—Screen Capturer
  6. Choose an application that you want to capture (Signal, Telegram, WhatsApp)
  7. Select a folder for the image and start the acquisition
  8. Click Allow USB Debugging when displayed on the device screen
  9. Do not touch the device during the entire acquisition process
  10. Throughout the entire process, the log reflects information about what is happening at the moment
  11. Wait for the acquisition to complete and review the results
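
The device-side preconditions in steps 2, 3 and 8 can be confirmed from the examiner workstation with the standard `adb` client before the acquisition is started. The script below is an added example, not part of Belkasoft X or of the original article; the function names and the sample serial number are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the ADB preconditions from steps 2, 3 and 8.
# All function names are hypothetical; nothing here is Belkasoft code.

# Read `adb devices` output on stdin and print one verdict:
#   ready | unauthorized | offline | none | multiple
adb_verdict() {
    awk '/^List of devices attached/ { seen = 1; next }
         seen && NF >= 2 { n++; state = $2 }
         END {
             if (n == 0)                 print "none"
             else if (n > 1)             print "multiple"
             else if (state == "device") print "ready"
             else                        print state
         }'
}

# Read the output of `settings get global airplane_mode_on` on stdin.
airplane_verdict() {
    v=$(tr -d '\r\n ')
    case "$v" in
        1) echo "on" ;;
        0) echo "off" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample: a device still waiting for "Allow USB Debugging" (step 8).
sample_unauthorized() {
    printf 'List of devices attached\n0123456789ABCDEF\tunauthorized\n\n'
}

# Query the attached device; a non-zero return means "do not start yet".
preflight() {
    dev=$(adb devices | adb_verdict)
    if [ "$dev" != "ready" ]; then
        echo "device state: $dev (need exactly one authorized device)" >&2
        return 1
    fi
    air=$(adb shell settings get global airplane_mode_on | airplane_verdict)
    if [ "$air" != "on" ]; then
        echo "airplane mode: $air (step 3 not satisfied)" >&2
        return 1
    fi
    echo "ok: one authorized device, airplane mode on"
}

# Run the live check only when asked, e.g.:  sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```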

What do the acquisition results look like and what can be done with them?

Once the data collection is completed, the collected data can be instantly analyzed in Belkasoft X.

If you do not need to analyze the results, you can review captured data in the chosen folder.

Conclusion

Android screen capturing is a straightforward and useful method for obtaining message or call history. It is reliable and safe and can be done first, before trying more technically challenging and unpredictable methods.

Another, less obvious advantage of this method is that the information it produces is easy for non-technical specialists to understand. When presenting screenshots in court, the expert will not have to explain what is happening on the screen, when and between whom the communication took place, etc.

Belkasoft X is a reliable, all-in-one digital investigation software to accelerate digital forensic and incident response investigations.

This article was originally posted on Belkasoft’s blog: https://belkasoft.com/android_screen_capturing
