
Physical acquisition of an android device that is not rooted

8 Posts
5 Users
0 Likes
3,083 Views
(@iamgenius)
Posts: 24
Eminent Member
Topic starter
 

Hi to all,

Sorry for asking this without doing thorough research, but I'm doing that now while also asking the question. I was having a discussion and it was said to me that physical acquisition of an Android device is not possible if the device is not rooted. I didn't agree with that. My understanding is that it is possible. Rooting makes more things doable, but I thought it is not required. So is it a MUST to root the device to acquire a physical image?

Thanks

 
Posted : 30/10/2016 8:33 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

So is it a MUST to root the device to acquire a physical image?

Software only or hardware is "allowed"?
http://www.forensicswiki.org/wiki/JTAG_Forensics

jaclaz

 
Posted : 30/10/2016 10:08 pm
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

is it a MUST to root the device to acquire a physical image?

No.

You can use a few other ways.

 
Posted : 30/10/2016 11:38 pm
(@iamgenius)
Posts: 24
Eminent Member
Topic starter
 

Interesting. So we can say that it is not doable by software only. Hardware needs to be involved.

 
Posted : 31/10/2016 7:04 am
 RonS
(@rons)
Posts: 358
Reputable Member
 

Different tools use different methods and yes, you also have the hardware path (for example, Chipoff or JTAG).

Cellebrite UFED uses a combination of methods:
1) Bootloader (no need for user to root) - this also bypasses locked devices
2) Recovery partition (no need for user to root) - lock bypass
3) Built-in temporary root (no need for user to root) - this also bypasses locked devices
4) Pre-rooted - when the phone is already rooted

Best regards,
RonS

 
Posted : 31/10/2016 2:22 pm
OxygenForensics
(@oxygenforensics)
Posts: 143
Estimable Member
 

There are non-rooting ways to do physical extraction. It really depends on the Android device you have. For example, with Oxygen Forensic Detective you do full physical extraction without rooting from Samsung, LG, Mediatek and Spreadtrum chipset devices. The list of supported devices is constantly growing. You can also create JTAG and Chip-off images and import them to Oxygen Forensic Detective.

 
Posted : 31/10/2016 5:49 pm
(@iamgenius)
Posts: 24
Eminent Member
Topic starter
 

Thanks folks. I'm in your debt. Yes, it is just like you said! There are ways to do it without rooting the device. It is just like I expected or vaguely remembered. I know I have read it somewhere. Heck, even iOS devices can be physically acquired bit by bit without jailbreaking them!!! It is done by using a custom ramdisk or something of this sort.

 
Posted : 01/11/2016 1:52 am
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

You can get physical dumps of Samsung Android devices and Spreadtrum Android devices without rooting.

Mobile forensics Device Firmware Upgrade

https://www.digitalforensicscorp.com/blog/mobile-forensics-device-firmware-upgrade/

 
Posted : 16/05/2017 10:30 am