Jack,
Can you figure out what chipset is in the device? Many of the cheaper, unbranded smart phones are on MediaTek chipsets and this may well open up options for getting full physical dump from either Oxygen or things like the Volcano Box.
What Android Version is running on the device? If it is 4.2.2 oder below, you can easily do a physical dump via ADB with UFED. Just select Vendor "Chinese Android" - Android MTK - Physical - ADB. UFED will try to do a temp root.
Obtaining critical data to include database files for applications for Android devices root level access is required. The picture that has been painted of root level access is almost that of illegally entering a computer without a warrant. This is not the case at all. Obtaining root can be compared to entering your password for your root user on a linux/mac OS when an application asks for that elevated privilege. By giving the application this privilege it can install to areas where elevated security is required, run as root and interact with systems off limits. Like on Android mobile systems, in order to run additional commands not available to a local user this elevated root user is needed. OFS (Oxygen) is an example that will shell root the device, obtain the needed non-invasive physical data and then reboot the device. The rebooting is utilized to remove the root privilege given to OFS and place the device back into a non root status. If your do not allow for software to gain this root level user access then the policy should not allow for ADB either. I say this because ADB Debugging has been hidden on new Android OS's and it is not on by default, but examiners must enable to allow for communication with mobile forensic software. This has been hidden for a reason - it is not supposed to be accessible or used because bad things can happen and damage the device. Furthermore, by turning ADB on, the device is being changed in order to accept communication via the debug bridge. The fact remains, processing a mobile device should be based upon the examiners ability to articulate that no user data was altered by the software or process and as such can be duplicated by another party. Obtaining shell root access of an Android device, and even using ADB, when properly understood and documented will stand up to any court scrutiny. Doing both is a necessity for the processing of an Android device for mobile forensic examinations. However, there are bootloaders and ROM exchanges that can be classified as invasive physicals that I can save for another day.. D
As for the question also about MTK Androids, OFS has the ability to bypass the security (passcodes/gestures/biometrics) and obtain a non-invasive physical. Just open the device extraction and then MTK.
Thanks all, I asked the judge the authorization to root the device.
As soon as you get permission to root we really recommend to try Oxygen. It will fully extract all WhatsApp and Facebook data including deleted records, chats, geo locations and shared files. And just to confirm the posts above if you have Android device based on MTK chipset you can create a physical dump even from a switched off device thus bypassing lock screen.
This is why our in-lab services are good and needed, we don't root, we don't install anything on the phones, we just do what the real user of it would do, open the device screen lock. Not depending on anything…
Once the phone is opened, there are many forensics tools to do the analysis jobs.
Still, the big issue is that LEO laws mostly forbid device delivery abroad and only flying in/out to us for personally handling the devices might be expensive for most of the cases.