±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36783
New Yesterday: 0 Visitors: 104

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Viewing a Magnet Axiom extraction in Cellebrite PA

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Jopagne
Newbie
 

Viewing a Magnet Axiom extraction in Cellebrite PA

Post Posted: Sep 27, 19 21:54

I have performed a Physical Extraction on a BLU Dash L mobile device, with an unresponsive screen using Magnet Axiom Process. This was the only software tool to support the device. This provided a .RAW file. When I view this file in the analysing tool, Magnet Axiom Analyse. Thousands of images were evident, however no data was attached to these images and no contact or call information was available. So I imported this file into Cellebrite Physical Analyser, however I am unable to see the images, and can just see call, and contact information.

I have been advised to convert the .RAW file to a .BIN file in order to view it in it's entirety in Cellebrite PA. Is there a software tool to do this ? Or any other advice to view the entire contents ?  
 
  

randomaccess
Senior Member
 

Re: Viewing a Magnet Axiom extraction in Cellebrite PA

Post Posted: Sep 28, 19 08:39

the extension is irrelevant in this case; .raw and .bin are the same thing essentially (at least in principle)

UFED PA relies on chains and plugins to process extractions. I would suggest contacting support as they usually have a decent idea of how to decode the data. It's usually a combination of AndroidDD and then a whole bunch of other Android generic plugins. You open PA and then go through the File menu to "manually" create the chains. Historically I've just gone to support and they've usually come through with assistance  
 
  

Jopagne
Newbie
 

Re: Viewing a Magnet Axiom extraction in Cellebrite PA

Post Posted: Sep 30, 19 13:35

I have tried the plugins in PA, each time resulting similarly, with data missing. It was Cellebrite support who have advised me to convert the file to a .bin.  
 
  

UnallocatedClusters
Senior Member
 

Re: Viewing a Magnet Axiom extraction in Cellebrite PA

Post Posted: Sep 30, 19 17:00

You could first mount the RAW file using Mount Image Pro or equivalent and then use TestDisk to access the partitions on the now mounted RAW file.

TestDisk will allow you to export the contents of the RAW partitions to folders and files on your local machine, which you can then parse using your smartphone forensic tool of choice.  
 

Page 1 of 1