If you use an Android phone such as the Galaxy S7, you’ll have noticed that there is an “internal storage”, sometimes also shown as “internal SD card”, which in the latter case is somewhat misleading since it is no SD card but part of the internal flash memory. Whereas the “external storage” or “external SD card” is in fact the real (Micro)SD card, provided your device supports it (the Galaxy S7 does). The internal storage is internally usually mounted as /data and contains user-specific data, e.g. user settings, files from apps that don’t support storage on external media (*cough* WhatsApp) or use the internal storage for other reasons (e.g. time lapse photos). Android provides protection of this partition using Full Disk Encryption, which, in older versions, was rather easy to break. It got better in later versions, though even these still could be improved.
Now you might know that custom recoveries such as Team Win Recovery Project (TWRP) offer a backup function. These can handle the encrypted /data partition just fine – unless you use a Samsung phone. Samsung thought it needed to do things differently as got documented in a DerbyCon 2013 presentation. Unfortunately TWRP does not support this “Samsung encryption”, which means that it will be unable to mount the /data partition and as such be unable to make a backup since the TWRP backup function basically creates a .tar archive of the files on a partition.
For some purposes it may however be useful to do a low-level backup of the /data partition in its encrypted state anyway. Once again adb from the Google Android Platform tools comes handy: as you may know you can download files from the phone using adb pull. However many sources suggest that this implicitly requires a booted system (and the “USB debugging” option enabled in Android’s developer options). But what if your system doesn’t boot anymore?
adb doesn’t work in Standard Android’s fastboot and Samsung’s download mode. It also doesn’t work with the stock recovery in the S7 but TWRP does! And since you’re automatically root there, you can simply adb pull directly from the corresponding partition which you can find out like this:
$ adb shell ~ # ls -la /dev/block/platform/*/by-name/ drwxr-xr-x 2 root root 420 Jan 28 20:37 . drwxr-xr-x 4 root root 540 Jan 28 20:37 .. lrwxrwxrwx 1 root root 15 Jan 28 20:37 BOOT -> /dev/block/sda5 [...] lrwxrwxrwx 1 root root 16 Jan 28 20:37 SYSTEM -> /dev/block/sda14 lrwxrwxrwx 1 root root 15 Jan 28 20:37 TOMBSTONES -> /dev/block/sda9 lrwxrwxrwx 1 root root 16 Jan 28 20:37 USERDATA -> /dev/block/sda18
So in this case it is /dev/block/sda18. Then start the download like this:
$ adb pull /dev/block/sda18 userdata-backup
Of course this will take some time: the entire 25GB in case of the S7 are being transferred via a USB 2.0 connection…