Working with Android logs and dumps
Android debugging logs
ADB logcat displays the system debugging log. Apps that use the Android logging API write their messages to this log, which can be read and filtered.
This command is especially useful to see all logs for a given process name.
$ adb logcat | grep `adb shell ps | grep com.example.package | cut -c10-15`
Logging Bluetooth traffic
In the developer options, activate Enable Bluetooth HCI snoop log. Then run adb shell "cat /sdcard/btsnoop_hci.log" to view the file or adb pull /sdcard/btsnoop_hci.log to save the file on disk.
You will need a hex editor. I recommend:
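As a complement to reading the pulled file in a hex editor, the following added example (not part of the original post) decodes btsnoop_hci.log records into timestamp, direction and HCI packet type. It assumes the btsnoop version 1 layout with the HCI UART (H4) datalink type 1002; the function names and the two-packet sample capture are constructed for illustration.

```python
import struct
from collections import Counter

MAGIC = b"btsnoop\x00"
EPOCH_DELTA_US = 0x00DCDDB30F2F8000  # btsnoop time (us since 0 AD) at the Unix epoch
H4_TYPES = {1: "HCI_CMD", 2: "ACL", 3: "SCO", 4: "HCI_EVT"}

def parse_btsnoop(data):
    """Parse the bytes of a btsnoop capture into a list of record dicts."""
    if len(data) < 16 or data[:8] != MAGIC:
        raise ValueError("not a btsnoop file")
    version, datalink = struct.unpack(">II", data[8:16])
    if version != 1:
        raise ValueError(f"unsupported btsnoop version {version}")
    records, off = [], 16
    while off + 24 <= len(data):
        orig_len, incl_len, flags, _drops, ts = struct.unpack(">IIIIq", data[off:off + 24])
        payload = data[off + 24:off + 24 + incl_len]
        if len(payload) < incl_len:  # file cut mid-record: stop instead of misparsing
            break
        off += 24 + incl_len
        # With the H4 datalink (1002) the first payload byte names the packet type.
        kind = H4_TYPES.get(payload[0], "UNKNOWN") if datalink == 1002 and payload else "RAW"
        records.append({
            "unix_ts": (ts - EPOCH_DELTA_US) / 1e6,
            "direction": "received" if flags & 1 else "sent",  # flag bit 0
            "type": kind,
            "truncated": incl_len < orig_len,
            "payload": payload,
        })
    return records

def summarize(records):
    """Count packets per (direction, type) to spot unexpected traffic quickly."""
    return Counter((r["direction"], r["type"]) for r in records)

def build_sample():
    """Constructed capture: an HCI Reset command and its Command Complete event."""
    def rec(ts_us, flags, payload):
        return struct.pack(">IIIIq", len(payload), len(payload), flags, 0,
                           ts_us + EPOCH_DELTA_US) + payload
    header = MAGIC + struct.pack(">II", 1, 1002)
    t0 = 1_700_000_000_000_000  # constructed timestamp, us since the Unix epoch
    return (header + rec(t0, 2, bytes.fromhex("01030c00"))            # sent command
            + rec(t0 + 1000, 3, bytes.fromhex("040e0401030c00")))     # received event

if __name__ == "__main__":
    for r in parse_btsnoop(build_sample()):
        print(f'{r["unix_ts"]:.6f} {r["direction"]:8} {r["type"]:8} {r["payload"].hex()}')
```

To run it on a real capture, pass the bytes of the pulled file, for example parse_btsnoop(open("btsnoop_hci.log", "rb").read()).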
Capturing TCP/IP packets
tPacketCapture Pro allows you to dump TCP/IP packets from specific apps to .pcap files, which can then be opened in Wireshark for analysis.
Analyzing allocated memory is quite complex but well documented. This official Android documentation provides all the necessary explanations.
You can use these two commands to get basic memory information:
$ adb shell dumpsys meminfo
$ adb shell dumpsys meminfo 'com.application.namespace'
Other useful forensic commands
Show running processes:
$ adb shell ps
Show current connections:
$ adb shell netstat
Show all processes for an app process ID
Using Android Studio
If you install Android Studio you can use DDMS for complete device analysis.