Hi All,
I have secured two (2) Samsung device namely the Galaxy Note 2 (N7100) and a Samsung Duos.
I have tried using Cellebrite but it appears that the devices are not supported.
Anyone could shed some light on how I could image these?
I have EnCase 7 as well but have not tried it yet.
Cheers
//SheZZaR
depending if you have access to fastboot or not, you can load a recovery system with root privileges and then, from there dd the flash to an external sd card or over netcat using ADB.
these are operations that should be tested first on spare devices before working on the actual evidences.
Shezzar,
Cellebrite UFED will soon (very few weeks) add physical extraction capabilities for the Samsung Galaxy Note 2 [N7100] that will bypass pattern/lock code when USB debugging is disabled.
This is in addition to the currently already supported Samsung Galaxy S, Galaxy S2 Galaxy Y and about 100 additional locked Android models.
This update will also include an extraction solution for many more locked Android models (while USB debugging is disabled).
Best regards,
Ron
Hi All,
Thanks for the advice.
I managed to do a File System Extraction for the Note 2 using Samsung CDMA version of the Note 2 instead of the GSM version.
Rampage > Please correct me if I'm wrong (as I am fairly new to Computer Forensics for mobile devices). Wouldn't rooting and loading a bootloader on the evidence device compromising the evidence?
Ron > Appreciate the info. Any hopes for the GT-C3222 (Samsung Duos)? File System Extraction? I tried using the Export Phone Data (A T Command) which does show support for the device, but even though i follower the step by step and waited a few minutes (as recommended by the UFED), it still failed to extract out the data.
I did not plug in the SIM Cards though as it may compromise evidence if new messages were to be received. We don't have a Faraday bag =/
Please advise.
//SheZZaR