BusyBox is an open source project that provides a stripped down implementation of around 400 common UNIX/Linux commands. It runs in a variety of POSIX environments such as Linux, Android, and FreeBSD, and is used in dockers.


On android:

Download and install busybox apk:

adb -d install BusyBox.apk

Usage example in Android forensics

  1. Check root access:

# ls /data
  1. Check the mounted partitions on the device:


Choose the partitions you wish to image and note their paths, for example for the data partition, something like /dev/block/bootdevice/by-name/userdata.

Set up connection between the workstation and the mobile device, forwarding port 8080:


adb forward tcp:8080 tcp:8080

Mobile device:

dd if=/dev/block/bootdevice/by-name/userdata | busybox nc -l -p 8080


nc 8080 > android_data.dd

Start analysis on the image disk, using sleuthkit tools or Autopsy.