Hi all,
I am doing a few tests on a few of my personal phones. Using Andriller or Android tools v 1.2, I did the backup of the phone. Then I analyzed it with Autopsy.
I can see that /com.whatsapp is no longer available. Somewhere I read that Facebook and WhatsApp are excluded in the backup process. So what's the correct procedure to obtain WhatsApp and Facebook messages?
Thanks and best regards
You need to do a physical extraction of the devices to get access to WhatsApp as it is no longer included in the Android Backup.
Maybe try to root it?
For legal issues I can't root any device.
For legal issues I can't root any device.
Could you not ask your colleague to root it for you instead?
Actually, no matter whether it is UFED or XRY, they still need to root the Android phone to grant permission. They just temporarily install a client/agent onto the Android phone to get enough access rights to the filesystem. After extraction, they uninstall the client/agent and you will think no such "root" thing happened…
To be more accurate, UFED also offers a boot loader physical extraction method that "just" extracts the data, without loading a client, without rooting the phone and without an ADB debugging dependency.
RonS
Hi,
Of course "Bootloader" is a better option than "Root", but don't forget one thing: only a few models have "Bootloader" support. That means in most cases UFED/XRY still needs to "Root" Android phones, and you can see the prompt that pops up on the screen saying that UFED/XRY wants to proceed with "Root" procedures… Welcome to the real world!!!
In my opinion JTAG is a pretty good option. Unfortunately it's impossible for us to buy all kinds of JTAG boxes to fully support all manufacturers or all models. That costs too much…
So if I could get the password/PIN code or pattern key by any means (by guessing or giving the suspect a lesson or rooting, whatever…), I could easily unlock his/her phone. This will be the easier way for forensic guys.
Check again the coming UFED 4.2.5 release in 2 weeks.
Those "few" with a bootloader physical extraction solution that you mentioned are actually many hundreds (actually a few thousand in total) that cover the latest most popular devices.
Yes, this changes when even newer phone firmware versions are released, but then, this is our bread and butter and we generally release a new update (like the coming big one).
Time to Cellebrite,
Ron Serber
No one can deny that UFED, XRY and Oxygen are very good mobile forensic tools. Our Law Enforcement use them a lot. How I wish I could acquire a smart phone as easily as acquiring a hard drive, because I've been suffering so much pain dealing with USB debugging on/off, password/PIN/passcode…
Some said it's not "legal" to Root/JB, but actually even commercial solutions do the same thing to grant access permissions. Not to mention self-deconstruct or encryption… too many issues in mobile phone forensics, and we feel exhausted… Sorry, sometimes I am a little frustrated.
I hope you guys make those mobile forensic tools better and better, so one day we could acquire and extract smart phones easier. No matter what kind of manufacturers or models.
Sorry I am late! The phone is made by an unknown brand. It's not supported by UFED. The only route is rooting…
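
Added example, not written by any poster in this thread: before opening a backup in Autopsy, an examiner can check which packages an unencrypted Android backup (`.ab`) actually contains, which confirms whether `com.whatsapp` was excluded as described in the first posts. The header layout (magic line, version, compression flag, encryption name, then a zlib-compressed tar with `apps/<package>/...` entries) is the standard `adb backup` format; the function names and the sample backup are constructed for illustration.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def list_backup_packages(ab_bytes):
    """Return the sorted package names stored in an unencrypted .ab image."""
    stream = io.BytesIO(ab_bytes)
    # Header: four newline-terminated ASCII lines.
    magic, version, compressed, encryption = (
        stream.readline().rstrip(b"\n") for _ in range(4))
    if magic != MAGIC:
        raise ValueError("not an Android backup file")
    if encryption != b"none":
        raise ValueError("encrypted backup (%s): decrypt it first"
                         % encryption.decode("ascii", "replace"))
    payload = stream.read()
    if compressed == b"1":
        payload = zlib.decompress(payload)
    packages = set()
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:") as tar:
        for member in tar:
            parts = member.name.split("/")
            # App data is stored as apps/<package>/<domain>/...
            if len(parts) >= 2 and parts[0] == "apps":
                packages.add(parts[1])
    return sorted(packages)

def build_sample_backup(packages):
    """Constructed sample: a tiny compressed, unencrypted .ab image."""
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as tar:
        for pkg in packages:
            data = b"constructed"
            info = tarfile.TarInfo("apps/%s/_manifest" % pkg)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return MAGIC + b"\n1\n1\nnone\n" + zlib.compress(tar_buf.getvalue())

if __name__ == "__main__":
    sample = build_sample_backup(
        ["com.android.providers.settings", "org.example.notes"])
    found = list_backup_packages(sample)
    print(found)
    print("com.whatsapp present:", "com.whatsapp" in found)
```

For a real acquisition, work on a verified copy of the `.ab` file and pass its bytes to `list_backup_packages`; very large backups may need streaming decompression instead of loading the whole file into memory.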