Viewing a Magnet Axiom extraction in Cellebrite PA
I have performed a Physical Extraction on a BLU Dash L mobile device, with an unresponsive screen using Magnet Axiom Process. This was the only software tool to support the device. This provided a .RAW file. When I view this file in the analysing tool, Magnet Axiom Analyse. Thousands of images were evident, however no data was attached to these images and no contact or call information was available. So I imported this file into Cellebrite Physical Analyser, however I am unable to see the images, and can just see call, and contact information.
I have been advised to convert the .RAW file to a .BIN file in order to view it in it's entirety in Cellebrite PA. Is there a software tool to do this ? Or any other advice to view the entire contents ?
the extension is irrelevant in this case; .raw and .bin are the same thing essentially (at least in principle)
UFED PA relies on chains and plugins to process extractions. I would suggest contacting support as they usually have a decent idea of how to decode the data. It's usually a combination of AndroidDD and then a whole bunch of other Android generic plugins. You open PA and then go through the File menu to "manually" create the chains. Historically I've just gone to support and they've usually come through with assistance
I have tried the plugins in PA, each time resulting similarly, with data missing. It was Cellebrite support who have advised me to convert the file to a .bin.
You could first mount the RAW file using Mount Image Pro or equivalent and then use TestDisk to access the partitions on the now mounted RAW file.
TestDisk will allow you to export the contents of the RAW partitions to folders and files on your local machine, which you can then parse using your smartphone forensic tool of choice.