Hi,
I have rooted Samsung J3 phone. I would like to do forensics from backup. The problem is that which backup method I get correct backup extension so backup file is opened by Autopsy?
I have used TWRP backup, but Autopsy does not support this backup extension.
I would appreciate your help!
Hello.
For the Android backup, you will have to convert the .ab using something like Android Backup Extractor (https://github.com/nelenkov/android-backup-extractor) and then you should be able to parse it with Autopsy. If you were able to TWRP the phone, were you able to use ‘dd’ or ‘dcfldd’ to get a physical image of the entire device? If you did then Autopsy will be able to parse that correctly.