Hello,
In an very important case, I have to extract the data from a Samsung E2202, this model http//
I tried with UFED and XRY but the device is not listed in the both softwares (too new ?).
I see on the website of samsung that the OS is "SUP" (Only in french http//
Is there another model of Samsung mobile who use this operating system to try the analyze on UFED or XRY with an other model.
Someone know this model ?
Did you have any idea to extract the data ?
For information, if i don't introduce a SIM card, I can't see the data in the device. So I put an empty SIM card and I see a lot of very interesting message.
Thank you for your answers !
i don't know the specific model, but to me, the operating system seems to be proprietary software.
first thing first that comes to my mind, is that by inserting a "blank" SIM you probably destroyed the call log, unless you cloned the original SIM data (IMSI/ICCID) from the original one.
then i'd say, check UFED compatibility, if it's supported, go with it logical extraction (i think) is the only chance, i don't think physical can be done, but it might depend on the actual chipset and memory controller.
that said, even if you manage to physically dump the memory chip, you'll still have to deal with the operating system filesystem and data structures, and so you need a software that can decode it.
best way to go in this case (imho) is to check compatibility list of major forensics software like UFED/XRY and why not oxygen and go with the one which provides best compatibility
A very new release into the marketplace (February 2013) and in fairness to the examination tool producers they 'may' not have had the chance to catch this one as yet.
Is there any relevance to be drawn from the fact this smartphone allows use of two SIM cards and will that have any bearing on your examination and data acquistion?
Is there a microSD card?
General 2G Network GSM 900 / 1800 - SIM 1 & SIM 2
SIM Dual SIM (Mini-SIM, dual stand-by)
Announced 2013, February
Status Available. Released 2013, February
Body Dimensions 110.7 x 46 x 14.3 mm (4.36 x 1.81 x 0.56 in)
Weight -
Display Type TFT
Size 128 x 160 pixels, 1.8 inches (~114 ppi pixel density)
Sound Alert types Vibration, MP3 ringtones
Loudspeaker Yes
3.5mm jack Yes
Memory Card slot microSD, up to 16 GB
Phonebook 1500 entries
Call records Yes
Data GPRS Yes
EDGE No
WLAN No
Bluetooth Yes, v2.1 with EDR
USB Yes, microUSB v2.0
Camera Primary VGA, 640x480 pixels
Video Yes, CIF@15fps
Secondary No
Features Messaging SMS, MMS, Email
Browser WAP 2.0/xHTML
Radio FM radio
Games Yes
GPS No
Java Yes
Colors Black
- SNS applications
- MP3/AAC/WAV player
- MP4/H.263 player
- Organizer
Battery Li-Ion 1000 mAh battery
Stand-by
Talk time
Misc SAR EU 0.90 W/kg (head) 0.60 W/kg (body)
Thank you for the answers.
For the SIM card, I don't have the PIN code for the SIM, so I removed it and turn on the mobile. I made a basic search in the mobile but the repertory, call log and sms can't be open without a SIM card. So I put a blank SIM card (Not cloned because I don't have the PIN code…)
It's dead for the call log ?
For the SIM, I'm waiting the PUK code from the operator.
I don't know Oxygen, I checked on the website and the E2202 is not listed (http//
The dual SIM is not relevant I think. When we found the mobile, there was only one SIM in the mobile. I don't know the reason of the owner to have a dual sim device.
And for the microSD, no there wasn't it.
generally on SIM change the call log is wiped but the behaviour may change from device to device.
you don't need the PIN to clone a SIM card, you only need to know the IMSI and ICCID, the ICCID is a freely readable value from the SIM while i guess the IMSI yes, requires a PIN for being read from the SIM, but it can be asked to the carrier and manually programmed on forensics SIM cloning equipment this prevents data loss and at the same time isolates the device from the GSM network.
do you have any information about the chipset on the device which can lead you in some directions?
Thank you for the information on the SIM card.
For the chipset, how can I find it ? Do i disassemble the device ?
by a quick search i found out that volcano-box (a flasher box for samsung devices) can do a full flash read of the device you are trying to analyze.
maybe once you have the physical dump you can come up with an idea on how to analyze it, but at least you have a dump of the flash to work on and to start from.
Thank you for this tool.
I will continue the investigation in this direction
Consider that obtaining the device internal memory dump is only the first process, i think the hardest part in this case will be the decoding process.
The OS is proprietary and therefore i'm expecting that the filesystem as well as the way data is stored can be tricky to understand.
the best bet will be to find out if there are similar devices using the same operating system that are already supported by UFEDPA/XRY.
in that way once you have the dump you might be lucky enaugh to have your dump decoded. but that can't be said for sure, it's just guessing.
Two good places to ask about this is http//
Both forums specialize in cell phone repair, and breakdown.