±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35734
New Yesterday: 1 Visitors: 102

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Cellebrite UFED extraction

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

RieRie
Newbie
 

Cellebrite UFED extraction

Post Posted: Mar 26, 19 13:02

Hello,

Can anyone please help. I am working on a Samsung Galaxy Note 9 which has been remotely wiped or reset. Am using the cellebrite UFED touch 2 but it is unable to recover any data. it only gives me the Samsung default ringtone. No SMS, Pictures, audio, whatsapp.

Thank you.  
 
  

passcodeunlock
Senior Member
 

Re: Cellebrite UFED extraction

Post Posted: Mar 26, 19 14:14

Recovering wiped devices is not something you will be able to do with that product.

There is a slight chance for a recovery, in-lab, at NAND protocol level, and on success it would cost you a fortune.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

the_Grinch
Senior Member
 

Re: Cellebrite UFED extraction

Post Posted: Mar 26, 19 14:29

Have to agree with passcodeunlock, Android stepped up their game big time with their wiping so slim chance of getting anything off of that device now.  
 
  

arcaine2
Senior Member
 

Re: Cellebrite UFED extraction

Post Posted: Mar 26, 19 22:10

I feel like this is a problem since 4.4 at least. In current version, encryption is the biggest problem and even if you managed to recoved some data prior the wipe, at NAND protocol level, it would still be encrypted, with a previous key that's unknown.  
 
  

passcodeunlock
Senior Member
 

Re: Cellebrite UFED extraction

Post Posted: Mar 27, 19 07:55

@arcaine2: What you wrote is all right. The userdata partition is almost intact after a factory reset, just the keys are destroyed. After a successful NAND recovery, the userdata partition can be decrypted in certain situations. Usually there are small chances to do it, because it depends on many factors.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

Firdy
Newbie
 

Re: Cellebrite UFED extraction

Post Posted: May 07, 19 07:38

Hi,

I'm kind of new to forensics. And currently doing a bachelors degree in cyber forensic.

Have you tried requesting from the user that previously used the mobile for any email address? Maybe you can get contacts or pictures from there... Or maybe i need to understand remotely wiped.

Just my humble opinion.  
 

Page 1 of 1