What will you do when you conduct a malware analysis on a smartphone? You will focus on running processes or services, and also you'll capture memory dump and network packets for further analysis.
Of course you will keep an eye on the system logs. You want to real time monitor the logs but you will feel exhausted easily on doing this all day. If you want to real time monitor and export to files for further analysis, you could use adb logcat and pipe to a file on the workstation. The command is as below:
adb logcat | tee -a sys.log
Examine the log file and you could see someone logged into the smartphone at 14:07:20 through SSH, and the source ip was 172.20.10.3 .