Android Data Extractor Lite – ADEL

P { margin-bottom: 0.08in; }

This Python script dumps all important SQLite Databases from a
connected Android smartphone to the local disk and analyzes these
files in a forensically accurate workflow. If no smartphone is
connected you can specify a local directory which contains the
databases you want to analyze. Afterwards this script creates a
clearly structured XML report. 

If you connect a smartphone you need a rooted and insecure kernel
or a custom recovery installed on the smartphone. 

Forensic principles: ADEL is intended to treat data in a
forensically correct way. This goal is reached by the fact that
activities are not conducted directly on the phone but on a copy of
the databases. This procedure assures that data does not become
changed, neither by the users of ADEL nor by an uncompromised
operating system. In order to proof the forensic correctness of ADEL,
hash values are calculated prior and after each analysis, to
guarantee that dumped data did not become changed during analysis. 

Extendibility: ADEL has been modularly built and contains
two separate modules: the analysis and the report module. Predefined
interfaces exist between these modules and both of them can be easily
amended by additional functions. The modular structure allows for
dumping and analyzing further databases of smartphones without great
effort and facilitates updates of the system in the future. 

Usability: The use of ADEL is intended to be as simple as
possible to allow its use by both qualified persons and non-experts.
At best, the analysis of the mobile phone is conducted in an
autonomous way so that the user does not receive any notice of
internal processes. Moreover, the report module creates a detailed
report in a readable form, including all of the decoded data. During
the execution, ADEL optionally writes an extensive log file where all
of the important steps that were executed are traced.

ADEL needs a predefined configuration for each device to work
proper. This configuration has to be added in the following file:


As an example we added the configuration for the Samsung Galaxy S2
running Android 2.3.3, more phone configurations will follow.

Example for the use of ADEL with a connected smartphone: -d device -l 4 

Example for the use of ADEL with database backups: -d /home/user/backup -l 4 

P { margin-bottom: 0.08in; }

In the current development state, the following databases are
forensically treated and parsed:

  • telephone and SIM-card information (e. g. IMSI and serial

  • telephone book and call lists,

  • calendar entries,

  • SMS messages,

  • GPS locations from different sources on the smartphone.

ADEL now makes use of a custom recovery image based on the
Clockworkmod-Recovery. Due to this change you do not need to modify
the kernel or the adb daemon anymore. Furthermore, on some newer
smartphones you can load the modified recovery to RAM via fastboot,
so you don’t need to do any persistent changes to the smartphone.

Download and more information

Image Credit

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...

OSINT Tutorial to Track An Aircraft And Flight Information In Real-Time

No doubt Internet is said to be the world's largest repository of data and information. It contains an enormous amount of data related to...

Preventing SQL Injection in PHP Applications

SQL injection is one of the most common cybersecurity threats and as the name suggests, it is a form of injection attack. Injection attacks, on...