Â
Most androids I come across you cannot perform a full physical image on without rooting the device which is not something we do as the phone needs to be returned in the same state it was received.
A side-side question, if I may.
When is the phone returned, on average, in your experience?
I mean, a phone is seized, then imaged/investigated, then (possibly after some explicit decision by a judge or high rank investigator) Â returned.
How long does the process take?
jaclaz
Â
I mostly deal in eDiscovery matters where generally Contacts/ Call Logs/ SMS/MMS and Voicemails are of relevance for litigation. Custodian agrees to let us capture the content and then the device is returned immediately after.Â
I mostly deal in eDiscovery matters where generally Contacts/ Call Logs/ SMS/MMS and Voicemails are of relevance for litigation. Custodian agrees to let us capture the content and then the device is returned immediately after.Â
I see, thanks, I was more curious on criminal cases, where I expect (presume) that the process will take weeks or months.
jaclaz
@cs1337 I tried this does not work on android 8.1 and above, Cellebrite will simply acquire the whatsapp stores in encrypted format and you may need to decrypt it manually.
@masekul In the latest Oxygen Forensic Detective, we have introduced the ability to extract WhatsApp and WhatsApp Business contacts and chats using OxyAgent utility installed in Android devices. Using this method you can quickly get all WhatsApp data and there will be no need to decrypt. It will be much faster than doing complete physical extraction that we also offer.Â
One more method that might be of help for you is scanning a WhatsApp QR code in Oxygen Forensic Cloud Extractor and getting all the evidence very quickly and in a readable format.Â
Â