Join Us!

Viewing a Magnet Ax...
 
Notifications
Clear all

Viewing a Magnet Axiom extraction in Cellebrite PA  

  RSS
Jopagne
(@jopagne)
New Member

I have performed a Physical Extraction on a BLU Dash L mobile device, with an unresponsive screen using Magnet Axiom Process. This was the only software tool to support the device. This provided a .RAW file. When I view this file in the analysing tool, Magnet Axiom Analyse. Thousands of images were evident, however no data was attached to these images and no contact or call information was available. So I imported this file into Cellebrite Physical Analyser, however I am unable to see the images, and can just see call, and contact information.

I have been advised to convert the .RAW file to a .BIN file in order to view it in it's entirety in Cellebrite PA. Is there a software tool to do this ? Or any other advice to view the entire contents ?

Quote
Posted : 27/09/2019 10:54 pm
randomaccess
(@randomaccess)
Active Member

the extension is irrelevant in this case; .raw and .bin are the same thing essentially (at least in principle)

UFED PA relies on chains and plugins to process extractions. I would suggest contacting support as they usually have a decent idea of how to decode the data. It's usually a combination of AndroidDD and then a whole bunch of other Android generic plugins. You open PA and then go through the File menu to "manually" create the chains. Historically I've just gone to support and they've usually come through with assistance

ReplyQuote
Posted : 28/09/2019 9:39 am
Jopagne
(@jopagne)
New Member

I have tried the plugins in PA, each time resulting similarly, with data missing. It was Cellebrite support who have advised me to convert the file to a .bin.

ReplyQuote
Posted : 30/09/2019 2:35 pm
UnallocatedClusters
(@unallocatedclusters)
Senior Member

You could first mount the RAW file using Mount Image Pro or equivalent and then use TestDisk to access the partitions on the now mounted RAW file.

TestDisk will allow you to export the contents of the RAW partitions to folders and files on your local machine, which you can then parse using your smartphone forensic tool of choice.

ReplyQuote
Posted : 30/09/2019 6:00 pm
Share: