±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 32461
New Yesterday: 4 Visitors: 131

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Cellebrite UFED 6.1 and Advanced ADB

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Cellebrite UFED 6.1 and Advanced ADB

Post Posted: Fri Apr 21, 2017 3:05 am

Hi all,

As some of you may know, Cellebrite Released UFED version 6.1 for their products.

Release notes: www.cellebrite.com/Rel...tes_EN.pdf

In this new version they introduced something they call: "Advanced ADB. Which they state that they have a new way to make a physical extraction from android devices up to version 7.1 with security patches until november 2016.

How they do it?

Basically wat this means is that with Advanced ADB, you push a tool to the mobile phone from you UFED device.
You un-mount your mobile phone from you UFED device. Attach the new OTG kabels (OTG 508 & 501) to the phone, attach your storage devices (has to be FAT32, exFAT or vFAT).
Run the tool and make the extraction.


I haven't received the cables yet so I was wonder if anyone already has tested this method? If so, what are your experience?  

Goovscoov
Newbie
 
 
  

Re: Cellebrite UFED 6.1 and Advanced ADB

Post Posted: Mon Apr 24, 2017 1:32 pm

Dropped you a PM  

Principle3Notes
Newbie
 
 
  

Re: Cellebrite UFED 6.1 and Advanced ADB

Post Posted: Tue Apr 25, 2017 5:27 am

I'd love to know how this works and other people's experience - please drop me PM Smile  

Pacman91
Newbie
 
 
  

Re: Cellebrite UFED 6.1 and Advanced ADB

Post Posted: Tue Apr 25, 2017 11:27 am

Looking at the release date and the fact that it uses an exploit which was patched in Nov 16 i would guess they are using the "dirty cow" exploit to gain root.  

si666
Member
 
 
  

Re: Cellebrite UFED 6.1 and Advanced ADB

Post Posted: Tue Apr 25, 2017 11:34 am

I'm guessing by the fact that it utilises an exploit which was patched in Nov 16 that they are using Dirty Cow.  

si666
Member
 
 
  

Re: Cellebrite UFED 6.1 and Advanced ADB

Post Posted: Tue Apr 25, 2017 12:56 pm

We got the cables rather quickly and we've tested few of the models that weren't directly supported (as generic models) and everything went well, meaning we didn't experience any issues.

twitter.com/detektiv_m...5799971841

Also, I'm interested if there is a way to do a data extraction to a USB flash drive while charging the phone at the same time (except Cellebrite's Phone Power-up Cable).  

Mreza
Member
 
 
  

Re: Cellebrite UFED 6.1 and Advanced ADB

Post Posted: Wed Apr 26, 2017 12:25 am

- Mreza
We got the cables rather quickly and we've tested few of the models that weren't directly supported (as generic models) and everything went well, meaning we didn't experience any issues.

twitter.com/detektiv_m...5799971841

Also, I'm interested if there is a way to do a data extraction to a USB flash drive while charging the phone at the same time (except Cellebrite's Phone Power-up Cable).


Thats nice to hear!
Did you got any change to check the footprints of the tool on the devices when using the cable method? I heard that when you choose for the SD card method, the tool installs on the SD card. And no footprints will be left on the device itself(after cleaning up). With the cable its a different story ( I guess it loads in memory and then to the attachted USB-drive via the OTG cables.)

Would love to hear if you had any change to inspect that! Very Happy  

Goovscoov
Newbie
 
 

Reply to topicReply to topic

Share and Like this forum topic to get more replies




Page 1 of 1