I'm faced with a good hardening of our Samsung Android (SAFE enabled) phones inside an enterprise.
We use a mobile device management system (MDM) to set policies. With iOS we've a good path to access iPhones and iPads with remote reset of the PIN by the MDM and than acquire data by Cellebrite UFED touch.
As Android still lacks with enterprise integration we can't use this with our MDM.
One policy is set to do a local wipe after 5 wrong PIN tries on all platforms. So I can't use the lock bypass tools from Cellebrite as it needs to count to 10 in the UFED camera learning phase. Even if I've access to the PIN I need to change some settings (USB debug mode and so on disabled by policy) to can acquire the Android (Samsung S5 mini and newer). We can give order to move the phone from one policy group to an other to get some policies disabled to get access. By doing this we alter the phone and can/ will loose PIM data from the installed Touchdown client.
As we use Cellebrite UFED Touch with physical analyzer we can also process data (open - advanced) we acquired by a JTAG access.
I've currently no experience with JTAG. I understand how it works and I like to work with a clamp and Jigs for all the different company owned (CO/ COPE) Samsung devices. Soldering should be prevented to not destroy a phone. Each device will get a documentation how to access JTAG and which covers/ shells needs to be dismounted and what settings are used.
I came across RIFF and Ocopus/ Octoplus boxes. Is there any one here with experience to give me an advice what box is the best?
Currently we use (european GSM versions)
Samsung S3 (non LTE)
Samsung S4 mini
Samsung S5 mini
Samsung Tab3
Samsung Tab4
I don't want to start a thread "is JTAG a forensic proper way". I've read the old thread from years ago.
Privacy is regulated by internal policies and if we're unsure we get advice from our Data privacy manager (legal sign off or we drop the case). So this is not part of this thread.
Have a look at the RIFF Box, ZX3 Box, GPG EMMC