Hi guys,
I'm fairly new to mobile forensics but I have done multiple data recoveries through JTAG, eMMC direct, and chip-off with the help of Z3X's Easy JTAG box. Usually it's pretty straightforward: I make a full dump of the eMMC and access the files through a program like "R-Studio" or Z3X's own Android Explorer.
When all goes well this is what I typically have access to
http://imgur.com/eeHHDp3
But when I tried to view the dump on the i9500 it looked like this
http://imgur.com/a/gKtH0
The customer had an app called CM Security and I think it may have something to do with accessing the files. I ran a complete scan of my dump through R-Studio and was able to come up with a whole bunch of pictures and some videos, but there is a lot of corrupted/previously deleted data that I'm pretty sure the customer is uninterested in.
Do you guys have any recommendations on what sort of program I could use to extract sms/videos/pictures?
If I can get a hold of another working board do you think writing the dump to a working board will allow me better access to the data? The customer has provided me the password for the CM Security app but it is of no use to me unless I can boot into the device.
If you need any further clarification or pictures please let me know
Any help would be greatly appreciated!
Hello guy,
You can try Cellebrite's UFED PA or Oxygen Forensic Detective to parse the SMS, pictures, etc., and don't forget to let us know the result. :D
You have RAW data from a memory chip. You should prepare the data to DD format with PC-3000 Flash (or Rusolut).
Thanks for the help guys! I ended up using DiskInternals Linux Reader on the recommendation of a GSM FORUM user to properly view my raw dump and extract the data (Z3X's Android Explorer is still in its infancy and it clearly can't do everything I need it to do). Then I used a really great program to convert the mmssms.db and contacts2.db files to a viewable format called yaffs extractor, mmssms.db & contacts2.db converter.
source http//
I've got another question though :P
Anyone know if it's possible to do a Nandroid Backup of a raw dump? I feel as though that would very much help in streamlining the process of converting all the data to a viewable format, as it would allow you to restore the Nandroid Backup to a phone.
P.S. What kind of coinage am I looking at to purchase something like Cellebrite's UFED PA or Oxygen Forensic Detective?
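Added example, not code from any poster in this thread or from the tools they name: mmssms.db is an ordinary SQLite file, so an extracted copy can be read directly. The sketch assumes the stock Android `sms` table columns (`_id`, `address`, `date`, `type`, `body`); `read_sms` and `make_sample_db` are hypothetical helper names and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timezone

# Values of the `type` column in Android's stock sms table.
SMS_TYPES = {1: "inbox", 2: "sent", 3: "draft", 4: "outbox", 5: "failed", 6: "queued"}

def read_sms(db_path):
    """Return the sms rows of an extracted mmssms.db as a list of dicts."""
    # mode=ro: SQLite refuses writes, so the evidence copy is not modified.
    con = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    con.row_factory = sqlite3.Row
    try:
        rows = con.execute(
            "SELECT _id, address, date, type, body FROM sms ORDER BY date"
        ).fetchall()
    finally:
        con.close()
    out = []
    for r in rows:
        # `date` is stored as milliseconds since the Unix epoch.
        ts = datetime.fromtimestamp(r["date"] / 1000, tz=timezone.utc)
        out.append({
            "id": r["_id"],
            "address": r["address"],
            "utc": ts.isoformat(timespec="seconds"),
            "direction": SMS_TYPES.get(r["type"], f"unknown({r['type']})"),
            "body": r["body"],
        })
    return out

def make_sample_db(path):
    """Constructed sample: a minimal sms table with two made-up messages."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, "
                "date INTEGER, type INTEGER, body TEXT)")
    con.executemany(
        "INSERT INTO sms (address, date, type, body) VALUES (?,?,?,?)",
        [("+15550100", 1400000000000, 1, "constructed inbound message"),
         ("+15550100", 1400000060000, 2, "constructed reply")])
    con.commit()
    con.close()

if __name__ == "__main__":
    import os, tempfile
    p = os.path.join(tempfile.mkdtemp(), "mmssms.db")
    make_sample_db(p)
    for msg in read_sms(p):
        print(msg)
```

Work on a copy of the file, and if the dump has an mmssms.db-wal file next to the database, keep it beside the copy, since recent messages may not yet have been written into the main file.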