Thanks Arcaine2, this is very useful, what you said and that link you shared.
So, well, these are hard times. More and more devices are running Android 6+ from the factory.
What is the solution for forensic examiners when they have a device like that (encrypted)?
They can't take a physical image and recover data. What can they do about that? Only logical extraction?
Is it possible to root an encrypted device without losing the existing data?
And in my case, I see there isn't much I can do to recover deleted media.
Any good software that I can run to recover deleted media, SMS and calls on an unrooted Galaxy S8+?
I don't know if I understand this correctly...
It is written in the article: "The data partition is decrypted with that key automatically once the device reboots."
So if an encrypted device like mine is running and were rooted (somehow :P), I could use, for example, MobilEdit Forensic Express to create a physical image on the running phone and all the data would be readable, yes? Or am I completely missing the idea?
Try Magisk, it works on almost all Android devices :)
I think your biggest confusion is just terminology. A lot of people think of physical/logical just like the terms that are used for computer HDD forensics, and it's not exactly the same. A physical image from tools doesn't always mean every sector like a computer HDD. They may get the entire file system but call it physical; technically that's just a logical image. If your tool gets a true physical of all the blocks (mmcblk0), it could still be encrypted, like others have said.
Booting the phone and doing a software root could get you the entire file system and a lot of good data, since it will be live and decrypted, but it's not the same as doing a recovery/bootloader method and accessing the data at the block level, which would be a true physical acquisition bypassing the OS completely.
It doesn't matter which tool you use, just make sure you're consistent with your terminology. I actually like Cellebrite's definition of logical/file system/physical, as it accurately describes the type of data you get with each and how it is accessed.
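The post above makes the point that a true block-level dump of mmcblk0 can come back as ciphertext, while a "physical" image from a tool may really be a decrypted file-system copy. A quick way to tell which one you are holding is to look for a file-system superblock and measure byte entropy. The following is an added example of such a triage check, not code from the thread or from any of the tools mentioned; it assumes the standard ext4 magic (0xEF53 at byte 0x438) and f2fs magic (0xF2F52010 at byte 0x400) of a partition image, and both sample images are constructed in the script.

```python
"""Triage a raw partition dump: recognisable (plaintext) filesystem, or
ciphertext-like data?  Added example with constructed inputs."""
import math
import random
from collections import Counter
from typing import Optional

# Superblock magics for the filesystems Android commonly uses on /data
# (assumed offsets: ext4 s_magic at 0x438, f2fs magic at 0x400).
EXT4_MAGIC_OFFSET = 0x438
EXT4_MAGIC = b"\x53\xef"            # little-endian 0xEF53
F2FS_MAGIC_OFFSET = 0x400
F2FS_MAGIC = b"\x10\x20\xf5\xf2"    # little-endian 0xF2F52010


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def detect_filesystem(image: bytes) -> Optional[str]:
    """Return the filesystem name if a known superblock magic is present."""
    if image[EXT4_MAGIC_OFFSET:EXT4_MAGIC_OFFSET + 2] == EXT4_MAGIC:
        return "ext4"
    if image[F2FS_MAGIC_OFFSET:F2FS_MAGIC_OFFSET + 4] == F2FS_MAGIC:
        return "f2fs"
    return None


def triage_image(image: bytes, chunk_size: int = 4096,
                 high_entropy: float = 7.8) -> dict:
    """Classify a dump as plaintext filesystem, likely encrypted, or unknown.

    Encrypted blocks are indistinguishable from random data, so nearly every
    chunk of a ciphertext dump sits close to 8 bits/byte; a plaintext
    partition has many zero-filled or structured (low-entropy) chunks.
    """
    fs = detect_filesystem(image)
    chunks = [image[i:i + chunk_size] for i in range(0, len(image), chunk_size)]
    high = sum(1 for c in chunks if shannon_entropy(c) >= high_entropy)
    ratio = high / len(chunks) if chunks else 0.0
    if fs is not None:
        verdict = "plaintext filesystem"
    elif ratio >= 0.9:
        verdict = "likely encrypted"
    else:
        verdict = "unknown"
    return {"filesystem": fs, "high_entropy_ratio": ratio, "verdict": verdict}


def constructed_plaintext_image(size: int = 64 * 1024) -> bytes:
    """Constructed sample: a mostly empty ext4-like partition with a valid magic."""
    buf = bytearray(size)
    buf[EXT4_MAGIC_OFFSET:EXT4_MAGIC_OFFSET + 2] = EXT4_MAGIC
    buf[8192:8192 + 19] = b"contacts.db\x00SQLite"   # a few plaintext bytes
    return bytes(buf)


def constructed_encrypted_image(size: int = 64 * 1024, seed: int = 1234) -> bytes:
    """Constructed sample: pseudo-random bytes standing in for ciphertext."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


if __name__ == "__main__":
    for name, img in (("plaintext", constructed_plaintext_image()),
                      ("encrypted", constructed_encrypted_image())):
        print(name, triage_image(img))
```

On a real dump you would read the image file (or the first few megabytes of it) into `triage_image`; a "likely encrypted" verdict with no superblock tells you the acquisition bypassed the OS but the data partition is still under its key, which is exactly the situation the thread is describing.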
OK, thanks for all your replies. It really explains a few things to me about encryption.
So, right now my only option is logical extraction (from the S8+ G955F)?
Did any of you have a similar situation examining a Galaxy S8?
I am running into the exact same problem as you, buddy.
Imo, there is no official way (except Cellebrite CAIS) to do a physical dump of a Samsung Galaxy S8/S8+ without data loss.
There are several ways to disable the encryption, BUT, as far as I know, you have to wipe the data partition, and that's not what we want as an examiner.
Greez
Thanks, your reply is really helpful.
P.S.
A few words about rooting, which is mainly used: I don't like and don't use rooting, since it is not a way of recovering deleted data in my point of view. If you are working on a phone where you need to recover deleted data, rooting will or will not replace some of the deleted information, depending on where the overwritten file for getting SU will be stored in NAND. From a physical point of view, in the blocks of memory and their logical block number mapping, there is no difference whether rooting affects only the system partition or data, because it still changes data in NAND cells.
I've never really rooted a device to obtain deleted data, but I'm interested in hearing why you're against it.
If you have to try to recover a deleted file and you root the device, recovering the deleted file, that's a win.
If you don't root the device, you automatically can't recover the deleted file? So you've got nothing already; why would you not look into it?
There's no dilemma about that. If there are no forensically correct methods available, the device needs to be rooted.
https://i.imgur.com/jDqCdA2.jpg
The specified Galaxy S8+ model can be rooted via the eng root image.
It's the ForensicFocus forum here, so I guess it has to be a forensically flawless method :P
As far as I know and wrote before, root will result in a data wipe.
If someone just wants to root his S8, he'd better go to the XDA Developers forum.
If you guys know another method, feel free to post it here.
Greez