Android Data Extractor Lite – ADEL

P { margin-bottom: 0.08in; }

This Python script dumps all important SQLite Databases from a
connected Android smartphone to the local disk and analyzes these
files in a forensically accurate workflow. If no smartphone is
connected you can specify a local directory which contains the
databases you want to analyze. Afterwards this script creates a
clearly structured XML report. 

If you connect a smartphone you need a rooted and insecure kernel
or a custom recovery installed on the smartphone. 

Forensic principles: ADEL is intended to treat data in a
forensically correct way. This goal is reached by the fact that
activities are not conducted directly on the phone but on a copy of
the databases. This procedure assures that data does not become
changed, neither by the users of ADEL nor by an uncompromised
operating system. In order to proof the forensic correctness of ADEL,
hash values are calculated prior and after each analysis, to
guarantee that dumped data did not become changed during analysis. 

Extendibility: ADEL has been modularly built and contains
two separate modules: the analysis and the report module. Predefined
interfaces exist between these modules and both of them can be easily
amended by additional functions. The modular structure allows for
dumping and analyzing further databases of smartphones without great
effort and facilitates updates of the system in the future. 

Usability: The use of ADEL is intended to be as simple as
possible to allow its use by both qualified persons and non-experts.
At best, the analysis of the mobile phone is conducted in an
autonomous way so that the user does not receive any notice of
internal processes. Moreover, the report module creates a detailed
report in a readable form, including all of the decoded data. During
the execution, ADEL optionally writes an extensive log file where all
of the important steps that were executed are traced.

ADEL needs a predefined configuration for each device to work
proper. This configuration has to be added in the following file:


As an example we added the configuration for the Samsung Galaxy S2
running Android 2.3.3, more phone configurations will follow.

Example for the use of ADEL with a connected smartphone: -d device -l 4 

Example for the use of ADEL with database backups: -d /home/user/backup -l 4 

P { margin-bottom: 0.08in; }

In the current development state, the following databases are
forensically treated and parsed:

  • telephone and SIM-card information (e. g. IMSI and serial

  • telephone book and call lists,

  • calendar entries,

  • SMS messages,

  • GPS locations from different sources on the smartphone.

ADEL now makes use of a custom recovery image based on the
Clockworkmod-Recovery. Due to this change you do not need to modify
the kernel or the adb daemon anymore. Furthermore, on some newer
smartphones you can load the modified recovery to RAM via fastboot,
so you don’t need to do any persistent changes to the smartphone.

Download and more information

Image Credit

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 10 things to Do After Installing Kali Linux

Kali Linux is considered to be one of the best hacking distribution of this era, it is developed by Offensive Security to give an...

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...