Copy full disk image from Android to computer

As said in comment, adb pull /dev/block/mmcblk0 mmcblk0.img worked for me. A "DD image" is only a binary image file of the device.

You want to copy a disk from your android device to your computer (preferably on your fastest drive) for faster and lossless analysis/recovery.

This is short step-by-step guide in windows (linux: scroll down) to achieve it using the linux tool dd intended for precise, bit-wise copies of data. Credits go to scandium on xda for the code, see his post for more details.

Prerequisites

• make sure your device is rooted and busybox is installed

Windows:

1. install cygwin. During install, add netcat (under Net) and pv (under util-linux) packages; the standard install is located in C:\ so make sure you have enough disk space beforehand;

2. install adb e.g. through Android Studio. Make sure to add adb.exe executable file to the path variable to access it properly (guide).

3. Open two cygwin consoles/terminals (one sending data, one receiving data) and enter in one of the terminals to enter the device:

    # terminal 1
    adb forward tcp:5555 tcp:5555   # forward data over tcp connection
    adb shell                       # open a connection
    su                              # gain root access
    BUSYBOX=/system/xbin/busybox    # default location for most bb installers

    # note: adapt the variable `BUSYBOX` to point to your install directory
    #       the TWRP default is `BUSYBOX=/sbin/busybox` (in case of bricked device)

4. Decide what partition to copy, the /dev/block/mmcblk0 partition is usually the one containing the data you typically would want.

5. In the following code, adapt the partition name according to 4. and quickly one after another type in terminal 1 and terminal 2:

    # terminal 1
    $BUSYBOX nc -l -p 5555 -e $BUSYBOX dd if=/dev/block/mmcblk0

    # terminal 2
    nc 127.0.0.1 5555 | pv -i 0.5 > $HOME/mmcblk0.raw    

This saves the partition in the cygwin home directory (in a nutshell: it sends/receives output of dd over a tcp connection)

Look at the files / analysis

• To mount the partition in Windows you can use (OSFmount).

• To analyze the files I recommend Active@ Undelete but there are tons of alternatives. With that program you can also directly load all partitions from the file (without mounting it, so step 5 is redundant in this case).

Guide for GNU/Linux users: install netcat and pv (step 1), use the Disks utility to analyze