Join Us!

Imaging Trouble wit...
 
Notifications
Clear all

Imaging Trouble with GT-S7560 with Android 4.0.4  

  RSS
nsumer
(@nsumer)
New Member

I am trying to get physical image of GT-S7560 (Galaxy trend) running Android 4.0.4 with UFED4PC 7.18.
It fails by saying "The extraction is not supported for this specific version of the operating system". It is the same for filesystem extraction too.

What is wrong with that version of the OS?

Is there any forensically sound way to image that phone?

Regards

Quote
Posted : 05/10/2019 10:51 pm
dandaman_24
(@dandaman_24)
Active Member

Have you tried with any other piece of software, MSAB, Magnet Acquire ?

ReplyQuote
Posted : 05/10/2019 11:22 pm
nsumer
(@nsumer)
New Member

Yes, I have tried Magnet Axiom. It failed too.
I am thinking about to try Magnet's recovery image but I am afraid of making the phone bricked. I could not decide.

ReplyQuote
Posted : 05/10/2019 11:30 pm
cs1337
(@cs1337)
Member

Have you tried reaching out to cellebrite support? I find there support to be phenomenal.

Androids are usually finicky too with the USB cables. Have you tried the original cable or even an after market. I usually have good outputs with anker cables.

Edit also looks like you're a bit out of date. i recommend using the newest version from the portal.

ReplyQuote
Posted : 06/10/2019 5:31 am
fissa
(@fissa)
New Member

Hi there,

I had the same with an s4 mini running on Android 4 or lower. Cant recall the exact firmware. I Found out that putting the phone in flightmode blocked the mtp mode. Furthermore i tried a original micro USB cable and kept wiggling until it made an connection. A Logical and file system extraction was succesful but a physical wasnt.

Hope this helps.

ReplyQuote
Posted : 09/10/2019 8:15 pm
passcodeunlock
(@passcodeunlock)
Senior Member

1. if allowed, root the device manually and do the physical acquisition - since the temporary rooting process from UFED 4PC works on the 4.0.0 firmware, but it was patched already in 4.0.4 )

2. get the original stock firmware for safety/backup reasons and then flash TWRP recovery, boot in recovery mode, fire up a shell, create the physical dump of the /dev/block/mmcblk0 to a microSD card or some OTG attached pendrive using dd, when done, import the dump in UFED Physical Analyzer doing Open Advanced and choosing your device template. After the whole process is done, flash back the original recovery to the device.

3. JTAG/ISP is a good solution, non-destructive, but some hardware is needed

4. if nothing worked, create logical acquisitions for having most of the data, then do a chip-off

Don't blame me if you brick the device ) All the previous things should be done on a dummy device first! If you get the desired results, then repeat the working procedure on the real device.

ReplyQuote
Posted : 09/10/2019 10:07 pm
hommy0
(@hommy0)
Member

Hi,

Have you tried using EnCase 8 (8.05 or above) to acquire the device.
Mobile support is included in EnCase, where installing a driver pack accessible from Opentext MySupport is a requirement.

Regards

ReplyQuote
Posted : 10/10/2019 2:17 pm
watchhimrn
(@watchhimrn)
New Member

I've tried Magnet Axiom downloaded on Apknite, it worked.

ReplyQuote
Posted : 11/10/2019 8:49 am
fissa
(@fissa)
New Member

I've tried Magnet Axiom downloaded on Apknite, it worked.

What is Apknite? I have acces to axiom as well..

ReplyQuote
Posted : 13/10/2019 7:59 am
nsumer
(@nsumer)
New Member

1. if allowed, root the device manually and do the physical acquisition - since the temporary rooting process from UFED 4PC works on the 4.0.0 firmware, but it was patched already in 4.0.4 )

2. get the original stock firmware for safety/backup reasons and then flash TWRP recovery, boot in recovery mode, fire up a shell, create the physical dump of the /dev/block/mmcblk0 to a microSD card or some OTG attached pendrive using dd, when done, import the dump in UFED Physical Analyzer doing Open Advanced and choosing your device template. After the whole process is done, flash back the original recovery to the device.

3. JTAG/ISP is a good solution, non-destructive, but some hardware is needed

4. if nothing worked, create logical acquisitions for having most of the data, then do a chip-off

Don't blame me if you brick the device ) All the previous things should be done on a dummy device first! If you get the desired results, then repeat the working procedure on the real device.

No blame at all and also thanks for the info in the bullet one especially. I ll inform the customer about bricking possibilty and procedd accordingly.

ReplyQuote
Posted : 14/10/2019 2:48 pm
bartekdre
(@bartekdre)
New Member

Today I made a physical dump of this model with XRY Complete.

UFED version 7.24 says that it can only through ADB but my tested phone has a damaged touch screen and it is impossible to enable USB Debugging.

You can also do root (kingoroot) and then perform UFED extraction via ADB or install TWRP and dump userdata using netcat.

ReplyQuote
Posted : 24/10/2019 9:21 pm
Share: