Extracting Samsung Galaxy S8 SM-G950F (Cellebrite UFED4PC)


Dimi
Member
 

Extracting Samsung Galaxy S8 SM-G950F (Cellebrite UFED4PC)

Posted: Mar 09, 18 18:50

Hello,

I have been extracting a Samsung Galaxy S8 (SM-G950F) with our UFED4PC.

Physical extraction was not working, and physical extraction with Samsung Generic was not working either.

I did a logical extraction and a file system extraction. I got all the data out of it except the app-data.

In my case especially the WhatsApp and the Facebook Messenger data is very important.

What more can I do to extract the app-data (WhatsApp/Facebook Messenger) out of the smartphone?

Best regards,

Dimi  
 
  

UnallocatedClusters
Senior Member
 

Re: Extracting Samsung Galaxy S8 SM-G950F (Cellebrite UFED4P

Posted: Mar 10, 18 02:43

Dimi,

Have you looked at setting up a fresh Windows computer, installing WhatsApp desktop to the Windows computer, signing in to the phone's WhatsApp account using the WhatsApp Windows desktop installation, and then forensically collecting the WhatsApp data that has now been synchronized from the phone to the Windows computer?

If you have the Facebook account login and password, you could potentially recover Facebook Messenger messages from Facebook (https://www.facebook.com/help/131112897028467) using Facebook's built-in account archiving solution.

Another thought (never tested, just brainstorming): create a rooted Android phone, install WhatsApp and Facebook Messenger, synchronize both accounts with the desired accounts to download the WhatsApp and Facebook Messenger content to your rooted Android phone, and then collect the desired data from your rooted Android phone.

I was able to extract email from a client's iPhone by uploading the email on the iPhone to Apple's iCloud and then downloading the email from Apple's iCloud to an Outlook client on a Windows computer as an example of "bypassing" smartphone security.  
 
  

randomaccess
Senior Member
 

Re: Extracting Samsung Galaxy S8 SM-G950F (Cellebrite UFED4P

Posted: Mar 10, 18 08:43

No luck with physical using bootloader, I'm assuming (locked bootloader; I'm not sure what happens if you turn that off... does it wipe the phone? Never done it), but what about turning on developer mode and going the ADB method for a physical?
 
  

Dimi
Member
 

Re: Extracting Samsung Galaxy S8 SM-G950F (Cellebrite UFED4P

Posted: Mar 11, 18 19:54

ADB in developer mode was no success.
 
  

Plan_B
Member
 

Re: Extracting Samsung Galaxy S8 SM-G950F (Cellebrite UFED4P

Posted: Mar 20, 18 10:51

Good suggestion, UnallocatedClusters :)

Without the user's Google account password it's also possible. Just create a fresh Gmail account, set it up on the device and back up the WhatsApp databases onto Google Drive.

Set this account up on a rooted phone, install WhatsApp and restore the backup from the Google Drive account.
 
