±Your Account
Membership:
New Today: 2
New Yesterday: 2
Overall: 24170
Visitors: 35±Latest Webinar
±Latest Articles
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Windows 8: Important Considerations for Computer Forensics and Electronic Discovery
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Windows 8: Important Considerations for Computer Forensics and Electronic Discovery
±Follow Us
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
Go to page Previous 1, 2
Galaxy S III SCH-1535 Android 4.1
Re: Galaxy S III SCH-1535 Android 4.1
Posted: Wed Jan 30, 2013 12:01 pm
We have found, in our lab, the desktops that have gone to 64 bit from 32 ( since 6.4.1. xry now supports 64 bit)wont examine an s3 we have to go to one of our remaining 32 bit machines to do the s3, anybody done an s3 on 64 bit??
thanks
thanks
-
bigjon - Senior Member
Re: Galaxy S III SCH-1535 Android 4.1
Posted: Wed Jan 30, 2013 12:08 pm
That's really interesting. We currently still operate on 32bit machines however are currently testing a 64bit machine with the latest 64bit XRY on it. A colleague today has been having issues getting an extraction and XRY has fallen down. I did identify that the analyst hadn't read the notes on manual selection however it was still an incomplete extraction. It appears to just run adb backup and doesn't get data from the /dbdata folder on the device.
Incidentally it has also failed on the Cellebrite unit for both logical and physical however it is currently working pulling the file system. Cellebrite seems to be succeeding at this as we speak and from there we should be able to parse everything. The device power cycled when running the logical and physical extractions, powered on without a SIM.
Edited to add, it has completed with a file system read and looks (pending checking against the device) to have got all the data we need!
Incidentally it has also failed on the Cellebrite unit for both logical and physical however it is currently working pulling the file system. Cellebrite seems to be succeeding at this as we speak and from there we should be able to parse everything. The device power cycled when running the logical and physical extractions, powered on without a SIM.
Edited to add, it has completed with a file system read and looks (pending checking against the device) to have got all the data we need!
-
TomP - Member