±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 35514
New Yesterday: 4 Visitors: 182

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

LG M260

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2  Next 
  

Carver
Newbie
 

LG M260

Post Posted: Apr 03, 18 22:04

Has anyone completed a Forensic Examination of the LG Model M260, also known as the K20? Using the Cellebrite UFED Touch 2, I found the listed device, but it only has a Logical extraction available, no Physical, and no File System. Obviously, I'd like to obtain all three if possible, or a File System at the very least. I attempted to obtain a generic Android extraction from the device but received the error code "The device security patch level is not sufficient for this extraction type". I'm using the most up to date version for the Touch 2. I completed a Blackbag Technology Blacklight extraction as well, but that did not include Apps data and was very limited in it's extraction.

Anyone?  
 
  

hectic_forensics
Member
 

Re: LG M260

Post Posted: Apr 04, 18 08:17

What version of Android and what is the date of the security patch on the handset - that's what it's referring to, not the version of UFED running on your Touch 2.  
 
  

Carver
Newbie
 

Re: LG M260

Post Posted: Apr 04, 18 15:53

- hectic_forensics
What version of Android and what is the date of the security patch on the handset - that's what it's referring to, not the version of UFED running on your Touch 2.


Android Version: 7.0

Security Patch Date: February 1, 2018  
 
  

passcodeunlock
Senior Member
 

Re: LG M260

Post Posted: Apr 05, 18 08:04

Using UFED specify a previous LG model (LG K10) and try to do a physical extraction in EDL mode with decryption on-fly.

The simplest way to enter EDL mode would be using ADB command. If that fails, use the UFED EDL cable. If that also fails, contact me for technical instructions on how to enforce the device to boot in EDL mode.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

Carver
Newbie
 

Re: LG M260

Post Posted: Apr 05, 18 15:28

- passcodeunlock
Using UFED specify a previous LG model (LG K10) and try to do a physical extraction in EDL mode with decryption on-fly.

The simplest way to enter EDL mode would be using ADB command. If that fails, use the UFED EDL cable. If that also fails, contact me for technical instructions on how to enforce the device to boot in EDL mode.


I placed the phone into EDL mode/Firmware Update mode. While selecting a LG GSM Generic Android profile, I successfully obtained a Physical extraction. I found a nice Cellebrite Guide regarding this technique:

media.cellebrite.com/w...-guide.pdf

I did not find the generic Qualcomm profile described in the guide on the Touch 2.

The guide helps with court testimony as Cellebrite accepts it as an acceptable technique. I attempted a physical extraction with a generic profile previously, but it failed. I was not in the EDL mode during my previous failed extraction and received the same "security patch level" error message.

Thank you for your help as I was having difficulty with a few LG devices.  
 
  

passcodeunlock
Senior Member
 

Re: LG M260

Post Posted: Apr 05, 18 17:03

From what you write, I wonder if you did the whole process right or not. The Emergency Download Mode is different from the regular Download Mode (FW upgrade).
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

Carver
Newbie
 

Re: LG M260

Post Posted: Apr 05, 18 17:59

Hah, well, it worked either way so that's a success. I would like to learn the process you described as this is clearly not a surefire way to successful extractions.

Here are the steps I took,

a. Removing the battery
b. Inserting the battery
c. Holding the volume up button
d. Plugging the Micro USB(Cable 100) into the phone- while still holding volume up
e. Plugging the Micro USB(Cable 100) into the Touch 2- while still holding volume up
f. Phone enters EDL- Physical extraction is then available

I completed successful extractions on two LG phones today using this process. The phone displays Forensic Update on the screen. It also shows a 0% bar that never increases during the extraction.  
 

Page 1 of 2
Page 1, 2  Next