App Data from Samsu...
 
Notifications
Clear all

App Data from Samsung Galaxy S9+

13 Posts
9 Users
0 Likes
2,627 Views
owl1331
(@owl1331)
Posts: 18
Eminent Member
Topic starter
 

Hey Everyone,

I am new to the forensics field (and this blog) but am running into some issues I hope you can help with.

Currently, I am working on a Samsung Galaxy S9+ (no passcode/unlocked and Sprint) running 8.0 Oreo. I am using Magnet acquire but am only getting information like call logs, texts, pics. I was hoping to get app data, as I can see there are Facebook messenger messages as well as some other stuff. Very frustrating to view it on the phone, but not be able to get it off.

Now, in doing research on the S9+'s, sounds like they are difficult (if not impossible) to root, or do a flash recovery? I tried getting a backup with Samsung Smart Switch and found out that they encrypt the backup, so that's been a dead end.

Is this just an issue with Galaxy S9+'s in that they are still pretty new? What are my options, if any at all? I am still pretty new to the mobile device arena and am hoping that someone can give me some advice/guidance on if this is even possible to get this app data off and/or what steps I should go about to do that.

Thank You!

 
Posted : 10/01/2019 2:03 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

If you have the funds, try a $99.00 single phone license of Mobiledit Forensic Express. No guarantees you wil extract more data but at a minimum you can validate the Magnet Acquire results.

Also, consider other routes to collect evidence such as using Facebook’s built in profile archiving solution which will include Messenger messages.

Other apps might also have a Windows desktop version that will allow one to download and then collect the desired data assuming you have the usernames and passwords required.

 
Posted : 10/01/2019 3:44 pm
owl1331
(@owl1331)
Posts: 18
Eminent Member
Topic starter
 

Awesome, thank you for the advice. The phone is logged into Facebook, but I don't have the password….do you by chance know if Facebook's built in profile archiving solution would work through a mobile phone? Or just on a desktop? What I mean is if I have it already logged in, could I do that or do you think I would still need the password?

 
Posted : 10/01/2019 4:43 pm
(@thomass30)
Posts: 110
Estimable Member
 

As far as I know there is no forensic software that support data extraction from Smart Switch backups.
But you can try to upload created backup into another rooted Samsung Phone and then data can be extracted by any forensic program.

 
Posted : 10/01/2019 9:43 pm
 dega
(@dega)
Posts: 261
Reputable Member
 

MOBILE EDIT support smart switch

 
Posted : 11/01/2019 7:48 am
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

MEF supports smart switch backups but it doesn't extract FB or messenger data. From a backup you get the same results as from the device directly (no data).

 
Posted : 11/01/2019 9:10 am
OxygenForensics
(@oxygenforensics)
Posts: 143
Estimable Member
 

lmo1331m, we can advise you how to extract all WhatsApp data when you have access to the mobile device but cannot acquire it in any forensic tool. Our Oxygen Forensic Detective software exclusively allows you to scan a WhatsApp QR code from the mobile device in our Cloud Extractor and acquire all WhatsApp messages, calls, contacts, etc. Hope it may help you.

 
Posted : 11/01/2019 2:03 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

The OP is about FB messenger, not WhatsApp, no ?!

 
Posted : 11/01/2019 3:10 pm
owl1331
(@owl1331)
Posts: 18
Eminent Member
Topic starter
 

For this phone specifically I only have Facebook Messenger and not Whats App, but I am sure I will run into What's App eventually, so that's great info! I will definitely keep that in mind.

Regardless of the Smart Switch back up, is there anyway to extract the Facebook messages at all? I did a manual ADB backup and barely got anything. Is this because of 8.0 Oreo? So frustrating.

 
Posted : 11/01/2019 7:28 pm
(@whinkle)
Posts: 11
Active Member
 

Hello you can take a look at the DP 10 at www.datapilot.com
This is a great hand held device for acquisitions and viewing the data on the spot in real time. This device has built in screen mirroring so all apps that are on the phone can be mirrored and captured via the forensic device (no foot print is left behind). If you have any question you can contact myself as we are the manufacture and sole source provider in the US.

 
Posted : 11/01/2019 10:49 pm
Page 1 / 2
Share: