Is it useful to throw your phone and delete apps the moment your uncle presses your head?
Many people talk tough while they still feel brave, claiming that if they were pressed down they would resist to the end, throw away their phone, and withstand every tactic their uncle could use when going home for the New Year.
Those who think this way are still too naive; the times have changed. The data knows better than you what you have done. Many fans have consulted me after being summoned by their uncle: before going, they deleted chat records and apps. Let me tell you, your uncle does not even need advanced memory recovery techniques to know what you did!!!
My advice to everyone is: when problems arise and you are pressed down, just tell the truth. After all, when the prosecutor suggests sentencing, they can still say: "Truthfully confessing the criminal facts is considered a confession and can lead to a lighter punishment!!!"
Those who often work with sewing machines know that internet technology has advanced by leaps and bounds, and smartphones have long been indispensable tools in our work and life. As a result, our phones store massive amounts of data, from lifestyle habits and interests to daily movements; analyzing phone data can reveal everything. In many cases smartphones have become a common source of evidence, and legal professionals pay close attention to how that evidence is collected and analyzed.
Those who often work with sewing machines also know Locard's exchange principle: whenever two objects come into contact, they leave traces on each other. The same principle applies to smartphone evidence collection: even if the process looks normal, it leaves behind traces of operation.
The logs and configuration files on a smartphone hold a wealth of valuable data. You may think you have deleted everything, but your uncle can analyze this data to reconstruct how the phone was used and everything related to you.
Dumpsys for Android Devices
Dumpsys is a tool in the Android system that prints information about the current system state, such as activities, packages, and so on. It is an effective tool for analyzing device issues and checking operational status and usage. You can enter the dumpsys command directly in the shell, but the amount of returned data is large, so in practice you redirect the command's output to a file for easier transfer and analysis.
During the time your uncle fiddles with your phone after you are pressed down, the tech uncle will find something quite interesting: the dumpsys command. At first he will run this command on its own, and the information about every service currently running on the phone pours out like a floodgate opening, densely packed, until your eyes blur.
Later you realize the command can be used more precisely. The command adb.exe shell dumpsys -l lists every service running in the current system and lays them out clearly in front of you. It is like collecting coins: at first you grab them all at once, but later you learn to categorize and filter, picking only what you want, which is convenient and practical.
If your phone has connected to Wi-Fi, you can use the command "adb.exe shell dumpsys wifi" directly to collect Wi-Fi related information; every Wi-Fi network you have connected to will be known.
Logcat for Android Devices
Logcat is a command-line tool in the Android system primarily used for debugging devices during development. It lets you obtain application log information. To use it, enter the command "adb.exe shell logcat" directly.
Logs are recorded with different classes (levels), and you can save them by class. When your uncle queries the logs, he can choose the classes he needs.
The Logcat command will print out a large amount of data, which is stored in different buffers based on type. When using Logcat to obtain data, you can retrieve it separately according to the buffer where the data is located. If no buffer is specified, the default output is the contents of the system and main buffers.
The specific output contents of each buffer are as follows:
- Radio: Outputs logs from the communication system;
- System: Outputs logs from system components;
- Event: Outputs logs from the event module;
- Main: Outputs all Java layer logs and logs that do not belong to the above three layers.
Bugreport for Android Devices
Bugreport is a tool specifically designed for system and app development. It contains device logs, diagnostic information, and stack traces. This information can help developers find and fix errors in applications. For your uncle's evidence collection work, Bugreport also contains a wealth of valuable information.
Those who often work with sewing machines might say, "I have a Samsung in my left hand and an Apple in my right, I'm invincible."
Most Samsung devices support SysDump mode. To use this mode, you need to unlock the phone and enter the home screen. In this mode, your uncle can obtain logs that are usually difficult to access without full file system permissions. SysDump is a built-in application on the phone. If the phone has an expansion card, the log data will be copied to the storage card; if not, it will be copied to a folder named "log" in the root directory of internal storage.
So, regardless of where the log data is stored, your uncle can obtain the log files via MTP or ADB commands without Root permission.
The method to obtain logs is to enter "*#9900#" on the dialer interface to enter SysDump mode (as shown in Figure 14), then click "Copy to sdcard (include CP Ramdump)," and within a few minutes, the log retrieval will be completed, and you will receive a prompt.
Online Behavior of iOS Devices
Before preserving (fixing) data on an iOS device, connect the phone to a computer with a data cable and tap "Trust this computer" on the phone. Once the lock screen passcode has been verified, the connection step that precedes evidence collection is complete.
iOS devices also support connecting to external storage devices like iFlash Device, allowing users to store data on external storage.
Never mind sensitive information: even operations such as entering the passcode to unlock the screen or pressing the lock button leave traces on the phone. The logs show that the screen is currently in the unlocked-by-passcode state and that the system home screen has been entered.
So if, when you are pressed down, you immediately lock the screen and throw the phone away, everyone still knows what operations you performed.
Screen-on and screen-off operations are also recorded in the log file located at /data/log/lss_log. The entry "unlockUser finished" indicates that unlocking has completed, and because the log file carries timestamps, you can determine exactly when each unlock or screen-off operation occurred.
The unlock status of iOS devices can be obtained from the Unified Logs. In the Console application, search for the process "chronod" and the text "Transition". There, "BioUnlock" means the device was unlocked with Face ID or Touch ID; your uncle knows all of this.
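An added example, not from the original article: a small parser that turns the raw logcat output discussed above into structured records, counts entries per level, and pulls out the screen and unlock transitions (the "unlockUser finished" style entries) into a timeline. It assumes logcat's threadtime line format; the sample lines are constructed, not a real device capture, and the Samsung lss_log file format is not shown on the page.

```python
import re
from collections import Counter

# Assumed: logcat "threadtime" output format (adb shell logcat -v threadtime).
LINE_RE = re.compile(
    r"^(?P<date>\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<level>[VDIWEF])\s+"
    r"(?P<tag>[^:]+?)\s*:\s(?P<msg>.*)$"
)

# Constructed sample lines (not a real capture); the "unlockUser finished"
# message mirrors the entry the article describes in the unlock log.
SAMPLE_LOG = """\
03-12 09:14:02.113  1234  1250 I PowerManagerService: Going to sleep due to power_button
03-12 09:30:45.902  1234  1260 I PowerManagerService: Waking up from sleep
03-12 09:30:48.117  1234  1301 I ActivityManager: unlockUser finished for user 0
03-12 09:30:49.004  2345  2345 D WifiService: connected to "HomeNet"
03-12 09:31:10.550  3456  3456 W ActivityTaskManager: Starting com.example.messenger/.MainActivity
--------- beginning of crash
03-12 09:32:00.000  4567  4567 E AndroidRuntime: FATAL EXCEPTION: main
"""


def parse_logcat(text):
    """Return one dict per log line; buffer separator lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def level_counts(records):
    """How many entries each log class (V/D/I/W/E/F) contributed."""
    return Counter(r["level"] for r in records)


# Message fragments that mark screen/unlock state changes (assumed, based on the article).
STATE_MARKERS = ("Going to sleep", "Waking up", "unlockUser finished")


def screen_timeline(records):
    """(timestamp, tag, message) for screen and unlock transitions, in log order."""
    return [(f'{r["date"]} {r["time"]}', r["tag"], r["msg"])
            for r in records if any(k in r["msg"] for k in STATE_MARKERS)]
```

Feed it the saved output of "adb.exe shell logcat -v threadtime" instead of SAMPLE_LOG to build the same timeline from a real file.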
By analyzing historical data, you can know what activities you performed on your phone at a certain moment, which apps you opened, and the usage history details of the applications. This historical data is recorded by day, week, month, or even year, so analyzing this data may reveal the phone's usage status over a long period.
In summary, you can know when you opened which app and the total screen usage time.
The recent task snapshot feature on Android devices automatically takes a screenshot of the current screen and saves the screenshot in the device's /data/system_ce/ directory. Accessing this directory requires Root permissions, and from this directory, you can obtain the applications used on the device over a period and their interface screenshots.
Many people say to use Apple, but in fact the iOS application snapshot feature applies to both built-in and third-party applications. When an application is switched to the background, the device is locked, applications are switched, or an application is interrupted, the system automatically takes and saves a screenshot. Some applications do not allow screenshots, however. In iOS 11 and later the snapshot files are in .ktx format and can be viewed in a macOS environment; in iOS 10 and earlier the screenshot files are in .png format.
On iOS devices, information about installed applications can be obtained from the applicationState.db database file, located in the /var/mobile/Library/FrontBoard/ directory. The database records the package name and ID number of the applications. For example, the ID 128 corresponds to the package name com.tencent.xin. To view the installation information of a specific application, you need to first determine its corresponding ID based on the package name.
Applications on iOS devices are stored in directories named after their UUIDs. Therefore, before conducting manual analysis, you need to find the corresponding application data storage directory, which can be obtained from related databases. Otherwise, you will have to check each directory's com.apple.mobilecontainermanager.metadata.plist file one by one to determine the application's package name.
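An added example, not from the original article or any forensic tool: resolving the numeric application ID from the bundle identifier in applicationState.db, as the text says must be done first, and then listing the state records stored under that ID. The three-table schema (application_identifier_tab, key_tab, kvs) is my assumption about the real file and should be checked against it; the database is built in memory with constructed rows, using the page's 128 / com.tencent.xin pairing.

```python
import sqlite3

# Assumed schema of /var/mobile/Library/FrontBoard/applicationState.db:
# the app table maps numeric id -> bundle id, key_tab names the record types,
# and kvs joins the two to a blob value. Verify against the real file.
SCHEMA = """
CREATE TABLE application_identifier_tab (id INTEGER PRIMARY KEY, application_identifier TEXT);
CREATE TABLE key_tab (id INTEGER PRIMARY KEY, key TEXT);
CREATE TABLE kvs (application_identifier INTEGER, key INTEGER, value BLOB);
"""


def build_sample_db():
    """Constructed in-memory stand-in for applicationState.db (sample rows, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO application_identifier_tab VALUES (?, ?)",
                     [(128, "com.tencent.xin"), (129, "com.example.notes")])
    conn.executemany("INSERT INTO key_tab VALUES (?, ?)",
                     [(1, "compatibilityInfo"), (2, "XBApplicationSnapshotManifest")])
    conn.executemany("INSERT INTO kvs VALUES (?, ?, ?)",
                     [(128, 1, b"bplist00-placeholder"), (128, 2, b"bplist00-placeholder"),
                      (129, 1, b"bplist00-placeholder")])
    return conn


def app_id_for_bundle(conn, bundle_id):
    """Step one from the article: bundle identifier -> numeric application ID."""
    row = conn.execute(
        "SELECT id FROM application_identifier_tab WHERE application_identifier = ?",
        (bundle_id,)).fetchone()
    return row[0] if row else None


def keys_for_bundle(conn, bundle_id):
    """Names of the state records kept for one app (kvs joined to key_tab via the id)."""
    app_id = app_id_for_bundle(conn, bundle_id)
    if app_id is None:
        return []
    rows = conn.execute(
        "SELECT k.key FROM kvs v JOIN key_tab k ON k.id = v.key "
        "WHERE v.application_identifier = ? ORDER BY k.key", (app_id,)).fetchall()
    return [r[0] for r in rows]


def installed_bundles(conn):
    """Every bundle identifier the database knows about, in id order."""
    return [r[0] for r in conn.execute(
        "SELECT application_identifier FROM application_identifier_tab ORDER BY id")]
```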
The application store on Android phones may track the uninstallation of applications. The database file market2.db from the Xiaomi app store is located in /data/data/com.xiaomi.market/databases/, where the packageremove_history table records the package names and uninstallation times of uninstalled applications.
Information related to the uninstallation behavior of applications on iOS devices can be analyzed from the installation logs located in /private/var/installd/Library/Logs/MobileInstallation/mobile_installation.log.0|1.
So don't harbor any illusions: Locard's exchange principle still applies in the field of electronic data, and it is especially evident in smartphone evidence collection. Smartphone logs contain a wealth of trace information that is crucial for phone data analysis. However, because their formats are complex and varied, they are hard for automated analysis tools to process, which is why manual analysis matters so much.
But if you really fall for such tactics from your uncle, then it is a case of being shot first and sentenced later, with no injustice done.