
Imaging Trouble with GT-S7560 with Android 4.0.4

(@nsumer)
Posts: 20
Eminent Member
Topic starter
 

I am trying to get a physical image of a GT-S7560 (Galaxy Trend) running Android 4.0.4 with UFED4PC 7.18.
It fails by saying "The extraction is not supported for this specific version of the operating system". It is the same for filesystem extraction too.

What is wrong with that version of the OS?

Is there any forensically sound way to image that phone?

Regards

 
Posted : 05/10/2019 9:51 pm
(@dandaman_24)
Posts: 172
Estimable Member
 

Have you tried with any other piece of software: MSAB, Magnet Acquire?

 
Posted : 05/10/2019 10:22 pm
(@nsumer)
Posts: 20
Eminent Member
Topic starter
 

Yes, I have tried Magnet Axiom. It failed too.
I am thinking about trying Magnet's recovery image, but I am afraid of bricking the phone. I could not decide.

 
Posted : 05/10/2019 10:30 pm
(@cs1337)
Posts: 83
Trusted Member
 

Have you tried reaching out to Cellebrite support? I find their support to be phenomenal.

Androids are usually finicky with USB cables too. Have you tried the original cable or even an aftermarket one? I usually have good results with Anker cables.

Edit: it also looks like you're a bit out of date. I recommend using the newest version from the portal.

 
Posted : 06/10/2019 4:31 am
(@fissa)
Posts: 27
Eminent Member
 

Hi there,

I had the same with an S4 Mini running Android 4 or lower. I can't recall the exact firmware. I found out that putting the phone in flight mode blocked the MTP mode. Furthermore, I tried an original micro USB cable and kept wiggling it until it made a connection. A logical and file system extraction was successful, but a physical wasn't.

Hope this helps.

 
Posted : 09/10/2019 7:15 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

1. If allowed, root the device manually and do the physical acquisition, since the temporary rooting process from UFED 4PC works on the 4.0.0 firmware, but it was already patched in 4.0.4 :)

2. Get the original stock firmware for safety/backup reasons, then flash TWRP recovery, boot into recovery mode, fire up a shell, and create the physical dump of /dev/block/mmcblk0 to a microSD card or an OTG-attached pen drive using dd. When done, import the dump into UFED Physical Analyzer using Open Advanced and choosing your device template. After the whole process is done, flash the original recovery back to the device.

3. JTAG/ISP is a good solution, non-destructive, but some hardware is needed.

4. If nothing worked, create logical acquisitions to have most of the data, then do a chip-off.

Don't blame me if you brick the device :) All the previous things should be done on a dummy device first! If you get the desired results, then repeat the working procedure on the real device.

 
Posted : 09/10/2019 9:07 pm
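
The dd step in the post above, as an added example that is not part of the original thread: a shell function that copies a source to an image file and compares SHA-256 hashes of the source (before and after the copy) and of the image, logging the result. It assumes the shell in use provides dd and sha256sum; the function name and the output path are hypothetical.

```shell
# Added example (not from the thread): hash-verified dd copy.
# Assumes a shell that provides dd and sha256sum; all paths are placeholders.

# image_and_verify SRC DST
# Copies SRC to DST, hashes SRC before and after the copy and DST once,
# and appends the result to DST.log.
# Returns 0 = verified, 1 = hash mismatch, 2 = read/write error.
image_and_verify() {
    src=$1
    dst=$2
    log="$dst.log"

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }

    pre=$(sha256sum < "$src" | cut -d' ' -f1) || return 2

    # No conv=noerror here: a read error stops the copy and is reported
    # instead of being silently padded over.
    dd if="$src" of="$dst" bs=4096 2>>"$log" || return 2
    sync

    post=$(sha256sum < "$src" | cut -d' ' -f1) || return 2
    img=$(sha256sum < "$dst" | cut -d' ' -f1) || return 2

    {
        echo "source:        $src"
        echo "image:         $dst"
        echo "sha256 before: $pre"
        echo "sha256 after:  $post"
        echo "sha256 image:  $img"
    } >>"$log"

    if [ "$pre" = "$post" ] && [ "$post" = "$img" ]; then
        echo "result: VERIFIED" >>"$log"
        return 0
    fi
    echo "result: MISMATCH" >>"$log"
    return 1
}

# Usage from the recovery shell (target path is a placeholder):
#   image_and_verify /dev/block/mmcblk0 /external_sd/mmcblk0.img
```

A differing "before" and "after" hash means the source changed while it was being read, so the image cannot be tied to a single state of the device.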
(@hommy0)
Posts: 98
Trusted Member
 

Hi,

Have you tried using EnCase 8 (8.05 or above) to acquire the device?
Mobile support is included in EnCase, where installing a driver pack accessible from OpenText MySupport is a requirement.

Regards

 
Posted : 10/10/2019 1:17 pm
(@watchhimrn)
Posts: 1
New Member
 

I've tried Magnet Axiom downloaded on Apknite, it worked.

 
Posted : 11/10/2019 7:49 am
(@fissa)
Posts: 27
Eminent Member
 

> I've tried Magnet Axiom downloaded on Apknite, it worked.

What is Apknite? I have access to Axiom as well.

 
Posted : 13/10/2019 6:59 am
(@nsumer)
Posts: 20
Eminent Member
Topic starter
 

> 1. If allowed, root the device manually and do the physical acquisition, since the temporary rooting process from UFED 4PC works on the 4.0.0 firmware, but it was already patched in 4.0.4 :)
>
> 2. Get the original stock firmware for safety/backup reasons, then flash TWRP recovery, boot into recovery mode, fire up a shell, and create the physical dump of /dev/block/mmcblk0 to a microSD card or an OTG-attached pen drive using dd. When done, import the dump into UFED Physical Analyzer using Open Advanced and choosing your device template. After the whole process is done, flash the original recovery back to the device.
>
> 3. JTAG/ISP is a good solution, non-destructive, but some hardware is needed.
>
> 4. If nothing worked, create logical acquisitions to have most of the data, then do a chip-off.
>
> Don't blame me if you brick the device :) All the previous things should be done on a dummy device first! If you get the desired results, then repeat the working procedure on the real device.

No blame at all, and thanks for the info, especially in bullet one. I'll inform the customer about the bricking possibility and proceed accordingly.

 
Posted : 14/10/2019 1:48 pm