Android Data Extractor Lite – ADEL



This Python script dumps all important SQLite databases from a
connected Android smartphone to the local disk and analyzes these
files in a forensically accurate workflow. If no smartphone is
connected, you can specify a local directory that contains the
databases you want to analyze. Afterwards, the script creates a
clearly structured XML report.

If you connect a smartphone you need a rooted and insecure kernel
or a custom recovery installed on the smartphone. 

Forensic principles: ADEL is intended to treat data in a
forensically correct way. It achieves this by conducting its
activities on a copy of the databases rather than directly on the
phone. This procedure ensures that the data is not changed, neither
by the users of ADEL nor by an uncompromised operating system. To
prove the forensic correctness of ADEL, hash values are calculated
before and after each analysis to guarantee that the dumped data was
not changed during analysis.
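
The before/after hash check described above, as an added example (not ADEL's own code): it hashes every file in a dump directory, queries a database through a read-only SQLite connection, and reports any file that was added, removed or modified. SHA-256, the function names and the sample database are assumptions constructed for illustration.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path


def snapshot(dump_dir):
    """Map every file in the dump directory to its SHA-256 digest."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(dump_dir).iterdir()) if p.is_file()}


def analyze_readonly(db_path):
    """Count rows per table through a read-only SQLite connection."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        return {t: con.execute(f'SELECT COUNT(*) FROM "{t}"').fetchone()[0]
                for t in tables}
    finally:
        con.close()


def changed_files(before, after):
    """Names that were added, removed or modified between two snapshots."""
    return sorted(n for n in before.keys() | after.keys()
                  if before.get(n) != after.get(n))


def make_sample_dump(dump_dir):
    """Constructed stand-in for a dumped SMS database (not real ADEL output)."""
    db = Path(dump_dir) / "sample_sms.db"
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE sms (address TEXT, body TEXT)")
    con.executemany("INSERT INTO sms VALUES (?, ?)",
                    [("+10000000001", "hello"), ("+10000000002", "test")])
    con.commit()
    con.close()
    return db


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        db = make_sample_dump(d)
        before = snapshot(d)
        print(analyze_readonly(db))
        print("changed:", changed_files(before, snapshot(d)))
```

Because the snapshot covers the whole directory, a journal or other sidecar file created next to a database during analysis is reported as a change as well.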

Extendibility: ADEL has been built modularly and contains
two separate modules: the analysis module and the report module.
Predefined interfaces exist between these modules, and both can
easily be extended with additional functions. The modular structure
allows further smartphone databases to be dumped and analyzed without
great effort and facilitates future updates of the system.

Usability: ADEL is intended to be as simple as possible to use, so
that both qualified persons and non-experts can work with it.
Ideally, the analysis of the mobile phone runs autonomously, so
that the user does not receive any notice of internal processes.
Moreover, the report module creates a detailed report in a readable
form, including all of the decoded data. During execution, ADEL
optionally writes an extensive log file that traces all of the
important steps that were executed.

ADEL needs a predefined configuration for each device to work
properly. This configuration has to be added in the following file:


As an example, we added the configuration for the Samsung Galaxy S2
running Android 2.3.3; more phone configurations will follow.

Example for the use of ADEL with a connected smartphone:

adel.py -d device -l 4 

Example for the use of ADEL with database backups:

adel.py -d /home/user/backup -l 4 


In the current development state, the following databases are
forensically treated and parsed:

  • telephone and SIM-card information (e. g. IMSI and serial

  • telephone book and call lists,

  • calendar entries,

  • SMS messages,

  • GPS locations from different sources on the smartphone.

ADEL now makes use of a custom recovery image based on the
Clockworkmod-Recovery. Due to this change, you no longer need to
modify the kernel or the adb daemon. Furthermore, on some newer
smartphones you can load the modified recovery to RAM via fastboot,
so you don’t need to make any persistent changes to the smartphone.


Ehacking Staff