I am trying to get a physical image of a GT-S7560 (Galaxy Trend) running Android 4.0.4 with UFED4PC 7.18.
It fails by saying "The extraction is not supported for this specific version of the operating system". It is the same for filesystem extraction too.
What is wrong with that version of the OS?
Is there any forensically sound way to image that phone?
Regards
Have you tried with any other piece of software, MSAB, Magnet Acquire?
Yes, I have tried Magnet Axiom. It failed too.
I am thinking about trying Magnet's recovery image, but I am afraid of bricking the phone. I could not decide.
Have you tried reaching out to Cellebrite support? I find their support to be phenomenal.
Androids are usually finicky with USB cables too. Have you tried the original cable or even an aftermarket one? I usually have good results with Anker cables.
Edit: it also looks like you're a bit out of date. I recommend using the newest version from the portal.
Hi there,
I had the same with an S4 mini running Android 4 or lower. I can't recall the exact firmware. I found out that putting the phone in flight mode blocked the MTP mode. Furthermore, I tried an original micro USB cable and kept wiggling it until it made a connection. A logical and file system extraction was successful, but a physical one wasn't.
Hope this helps.
1. If allowed, root the device manually and do the physical acquisition, since the temporary rooting process from UFED 4PC works on the 4.0.0 firmware, but it was already patched in 4.0.4.
2. Get the original stock firmware for safety/backup reasons and then flash TWRP recovery, boot into recovery mode, fire up a shell, and create the physical dump of /dev/block/mmcblk0 to a microSD card or an OTG-attached pendrive using dd. When done, import the dump into UFED Physical Analyzer using Open Advanced and choosing your device template. After the whole process is done, flash the original recovery back to the device.
3. JTAG/ISP is a good solution, non-destructive, but some hardware is needed.
4. If nothing worked, create logical acquisitions to get most of the data, then do a chip-off.
Don't blame me if you brick the device. All the previous things should be done on a dummy device first! If you get the desired results, then repeat the working procedure on the real device.
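The dd step from option 2 above, as an added example that is not part of the original post: it images the block device to external storage and goes one step further than the post by hashing the source before and after, plus the image, so the dump can be shown to match. It assumes the recovery shell provides dd and sha256sum (busybox); the output directory is a hypothetical mount point.

```shell
#!/bin/sh
# Added example: image a block device with dd and verify the copy by hash.
# Assumptions: dd and sha256sum exist in the recovery shell; the destination
# is a mounted microSD/OTG volume with enough free space.

hash_of() {
    # Print only the SHA-256 hex digest of a file or block device.
    out=$(sha256sum "$1") || return 1
    echo "${out%% *}"
}

acquire_image() {
    src=$1      # e.g. /dev/block/mmcblk0 (the device named in the post)
    outdir=$2   # e.g. /external_sd/case001 (hypothetical mount point)
    img="$outdir/$(basename "$src").dd"
    log="$outdir/$(basename "$src").log"

    mkdir -p "$outdir" || return 2
    if [ -e "$img" ]; then
        echo "refusing to overwrite $img" >&2
        return 2
    fi

    pre=$(hash_of "$src") || return 2
    dd if="$src" of="$img" bs=1048576 2>>"$log" || return 2
    sync
    post=$(hash_of "$src") || return 2
    copy=$(hash_of "$img") || return 2

    {
        echo "source=$src"
        echo "source_sha256_before=$pre"
        echo "source_sha256_after=$post"
        echo "image_sha256=$copy"
    } >>"$log"

    # Source changed while imaging (e.g. a mounted, writable partition).
    [ "$pre" = "$post" ] || { echo "source changed during imaging" >&2; return 3; }
    # The copy does not match what was read from the device.
    [ "$copy" = "$pre" ] || { echo "image hash mismatch" >&2; return 1; }
    echo "$copy"
}

# Usage in the recovery shell (paths are assumptions):
#   acquire_image /dev/block/mmcblk0 /external_sd/case001
```

Keep the generated .log file with the image; the recorded digest is what you compare against after importing the dump into the analysis tool.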
Hi,
Have you tried using EnCase 8 (8.05 or above) to acquire the device?
Mobile support is included in EnCase, where installing a driver pack accessible from OpenText MySupport is a requirement.
Regards
I've tried Magnet Axiom downloaded on Apknite, it worked.
What is Apknite? I have access to Axiom as well.
No blame at all, and also thanks for the info, especially in bullet one. I'll inform the customer about the bricking possibility and proceed accordingly.