Android Nougart (7....
 
Notifications
Clear all

Android Nougart (7.0) & Physical Imaging

8 Posts
5 Users
0 Likes
1,193 Views
(@vishu)
Posts: 4
New Member
Topic starter
 

Hi All,

In a recent case have come across a situation where I need to find out some deleted data from a mobile device running with Android Nougart (7.0).

The tool I am relying on is UFED touch, however this clonning device does not support the physical imaging of Android Nougart (7.0) and the recent changes made in Android 3rd party application, data can no longer be extracted when performing File system and logical (Apps data) extractions for devices running Android OS 7 using Android Backup and Android Backup APK Downgrade methods.

Is there any other tool which can be helpful, I also would like to know if anyone else faced similar issue and how did they overcome it?

Thanks,
Vishnu

 
Posted : 16/08/2017 9:39 am
Mreza
(@mreza)
Posts: 84
Trusted Member
 

You didn't specify the model. Have you tried rooting your phone?

 
Posted : 16/08/2017 4:30 pm
SamBrown
(@sambrown)
Posts: 97
Trusted Member
 

Rooting the phone is usually the only way. Of course, with Android 7 this is currently quite a challenge.

 
Posted : 24/08/2017 7:04 am
(@urbanz)
Posts: 2
New Member
 

Hi,
the lastest version on UFED4PC (6.3.1), for some model like S7 Edge, even with Android, provides a new type of physical acquisition, probably using some security bug. The procedure is "atypical" and a little bit boring, including several cable switch and many reboots, but yesterday we've acquired a physical image of a Samsung S7 Edge with 128 GB Sd card (the acquisition takes 24 hours), locked by code. Fortunally, the device is not encrypted XD

 
Posted : 01/09/2017 10:52 am
Mreza
(@mreza)
Posts: 84
Trusted Member
 

Hi,
the lastest version on UFED4PC (6.3.1), for some model like S7 Edge, even with Android, provides a new type of physical acquisition, probably using some security bug. The procedure is "atypical" and a little bit boring, including several cable switch and many reboots, but yesterday we've acquired a physical image of a Samsung S7 Edge with 128 GB Sd card (the acquisition takes 24 hours), locked by code. Fortunally, the device is not encrypted XD

It depends on which security patch does the devices have, just as Advanced ADB method. If it has a latest security patch (they mostly do) the new Ufed method isn't efficient.
In our last case with Samsung Galaxy S7 Edge (SM-G935F) we didn't succeed.

• Bootloader based physical extraction Android 7 in UFED 6.3

Qualcomm-based Samsung devices the capability generically supports devices with a security patch level earlier then March 2017.

• Exynos-based Samsung devices the capability generically supports devices with a security patch level earlier then January 2017.

Some devices may be supported on later patch levels.

 
Posted : 01/09/2017 12:05 pm
(@urbanz)
Posts: 2
New Member
 

It depends on which security patch does the devices have, just as Advanced ADB method. If it has a latest security patch (they mostly do) the new Ufed method isn't efficient.

In our last case with Samsung Galaxy S7 Edge (SM-G935F) we didn't succeed. Also, we couldn't root it with methods published by Mr. Skulkin and Shorokhov on Forensic Focus. Crying or Very sad

Mreza

Yeah, it's possible; but, in this case, it's a bootloader "new" version, not ADB; in fact, isn't necessary rooting or developer options (necessary for the other exctraction).
The extraction didn't exctract unlock code; without this, i can't verify the security patch installed on the phone. It's a shame, it will be useful to make reference for the future extraction… anyway, i won't go off-topic.

Vishu, Smartphone model?

 
Posted : 01/09/2017 2:06 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

There are too many "unknown" parameters for this issue. Please give exact model number + build number, exact Android version, the state of the bootloader locked or not, the state of the device encryption (default or manual), etc.

If the BL is unlocked, custom recovery image could be used to dump sda.

 
Posted : 02/09/2017 7:25 pm
Mreza
(@mreza)
Posts: 84
Trusted Member
 

Rooting the phone is usually the only way. Of course, with Android 7 this is currently quite a challenge.

Eng Boot Root files for Nougat are available D

https://drive.google.com/file/d/0BxIQ-lOUKAT0Z2lxRjlJdVlteXM/view

 
Posted : 01/10/2017 4:16 pm
Share: