Another application we can use for Android forensics is “Androidqf”. The name is short for Android Quick Forensics; the tool does not offer as much detail as other tools, but it aims to quickly provide the essential data needed for a digital forensics operation.
To install Androidqf, clone the repository from GitHub:
git clone https://github.com/botherder/androidqf.git
After downloading the repository, navigate to the “build” directory of this Go-based application and run it:
cd androidqf/build
./androidqf_linux_amd64
When you run the application, it automatically connects to the device connected to the computer and starts collecting information about it. The information collected is written to a directory with the same name as the "acquisition id" specified in the "Starting a new acquisition" section.
You will then be asked if you wish to make a backup of the system before proceeding. You can choose an option using the up/down arrows and continue by pressing Enter.
We chose 'No backup', and Androidqf started collecting system logs, then information about the applications installed on the device, and finally asked if we wanted copies of the applications it found.
As we selected 'Do not download', it finished the process at the next stage.
The contents of the directory it created for us are as follows:
In this directory:
The “Settings_” files contain database dumps related to system settings.
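As an added example (not part of Androidqf or of the original article), the following Python sketch shows one way to triage the settings dumps in an acquisition directory for values an analyst usually wants to see first. It assumes the files match settings_* and hold one key=value pair per line; the sample dumps, the choice of keys and the function names are constructed for this illustration.

```python
import tempfile
from pathlib import Path

# Standard Android settings keys; the selection and notes are this example's own.
# A finding is raised when the key has exactly the listed value.
CHECKS = {
    "adb_enabled": ("1", "USB debugging is enabled"),
    "install_non_market_apps": ("1", "installs from unknown sources are allowed"),
    "package_verifier_enable": ("0", "app verification (package verifier) is disabled"),
    "development_settings_enabled": ("1", "developer options are enabled"),
}
# A finding is raised whenever the key has any non-empty value.
NON_EMPTY = {"enabled_accessibility_services": "accessibility services are active"}

def parse_settings(path):
    """Parse one dump, assumed to hold one key=value pair per line."""
    settings = {}
    for line in Path(path).read_text(errors="replace").splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():  # skip lines without a separator
            settings[key.strip()] = value.strip()
    return settings

def triage(acquisition_dir):
    """Return (file, key, value, note) findings across the settings_* files."""
    findings = []
    for path in sorted(Path(acquisition_dir).glob("[sS]ettings_*")):
        for key, value in parse_settings(path).items():
            if key in CHECKS and value == CHECKS[key][0]:
                findings.append((path.name, key, value, CHECKS[key][1]))
            elif key in NON_EMPTY and value not in ("", "null"):
                findings.append((path.name, key, value, NON_EMPTY[key]))
    return findings

def build_sample(root):
    """Write constructed sample dumps (not real device output)."""
    root = Path(root)
    (root / "settings_global.txt").write_text(
        "adb_enabled=1\npackage_verifier_enable=1\nairplane_mode_on=0\n")
    (root / "settings_secure.txt").write_text(
        "enabled_accessibility_services=com.example.helper/.Service\n"
        "install_non_market_apps=0\nmalformed line without separator\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in triage(build_sample(tmp)):
            print(" | ".join(finding))
```

To use it on a real acquisition, pass the directory named after the acquisition id to triage() and work on a copy so the original evidence stays untouched.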