The document summarizes steps taken to recover deleted image files from an Android device's external memory. It discusses: 1. Calculating hash values of the device's external memory with WinHex and creating an image file to back up any recovered images. 2. There are two ways to create the image - using the dd command to copy from the device's memory to an image file, or using YaffsExpert software. 3. Once images are acquired, they should be backed up to external storage like a hard drive as a precaution.

1. Image (evidence) Recovery
in Android Device
Dafiz Adi Nugroho 113090005
Caisar Oentoro 113090064
M. Jafar Sidik 113091011

2. The Goal
Recovering deleted image files (.jpeg
and(or) png ) from the external Android
phones

3. The device
 The device used in this case is Nexian
NX-A891 with Android Froyo 2.2.2.
 The devices already rooted and can
be commanded through adb shell.

4. First Step (for external
memory)
 Calculating the device hash values
with WinHex.
 Creating image from the external
memory with WinHex.
 After getting images files from SD
Card, compare the hash values, if
matched then imaging process is
succeded

5. First Step (for external
memory)
 There are two ways:
◦ Using dd command:
 dd if=/dev/mtd/mtd1 of=/sdcard/recovery.img
bs=4096
• There are two ways:
– Using YaffsExpert, just click and follow
instructions

6. Backing Up Images
 After images acquired, just back it up
(make clone) in hard drives / flash disk, or
everywhere else.

7. Doing Analysis
 We little bit stack here.

8. That’s all we doing till now
 Hope better next time