ADB Dumpsys
Dumpsys is a tool built into the Android OS, generally used for development purposes to show the status of services running on the device. However, it can also contain forensically interesting information. Dumpsys does not require root access, but like all ADB commands, it does require USB Debugging to be enabled on the device and Secure USB Debugging to be bypassed.
The exact services that can be viewed differ across devices and Android versions. To view a list of all possible services that can be dumped, run the following command:
adb shell service list
The output of the command will appear as a list, shown as follows:
The service name located before the colon is the argument we will pass to dumpsys. A valid dumpsys command, using service number seven (iphonesubinfo) in the preceding screenshot, looks like this:
adb shell dumpsys iphonesubinfo
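The rule above (the name before the colon is the dumpsys argument) can be applied to every listed service in one pass, saving each output to its own file with a hash for later verification. This is an added example, not taken from the original text: the function names, the ADB override variable and the output layout are assumptions, and each service list line is assumed to have the form index, whitespace, name, colon.

```shell
#!/bin/sh
# Added example (not from the original text). Usage after sourcing this file:
#   collect_dumpsys ./case001/dumpsys
ADB="${ADB:-adb}"   # assumption: adb is on PATH; override to point elsewhere

# Read `service list` output on stdin and print one service name per line.
# Assumed line shape: "<index><whitespace><name>: [<interface>]".
# The "Found N services:" header and any other line are skipped, and the
# carriage returns that some adb versions append are stripped first.
parse_service_names() {
    tr -d '\r' |
        sed -n 's/^[0-9][0-9]*[[:space:]][[:space:]]*\([^:[:space:]][^:[:space:]]*\):.*$/\1/p'
}

# Dump every listed service into <dir>/<name>.txt and hash the results.
collect_dumpsys() {
    out="$1"
    mkdir -p "$out" || return 1
    "$ADB" shell service list < /dev/null | parse_service_names > "$out/services.lst"
    while IFS= read -r svc; do
        # A name containing '/' would otherwise be treated as a path.
        safe=$(printf '%s' "$svc" | tr '/' '_')
        # </dev/null keeps adb from consuming the rest of the loop's input.
        "$ADB" shell dumpsys "$svc" < /dev/null > "$out/$safe.txt"
    done < "$out/services.lst"
    # Record hashes so later changes to the collected files can be detected.
    ( cd "$out" && sha256sum -- *.txt > SHA256SUMS )
}
```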
In the following screenshot, we see that the output of the iphonesubinfo service includes the device IMEI:
There are many forensically...