Physical Extraction...
 
Notifications
Clear all

Physical Extraction Samsung Galaxy S8/S7 Active  

  RSS
JohnNW
(@johnnw)
New Member

Hello all,

I have two phones I'm trying to get a physical on. Unfortunately I have not been able to accomplish this, and I need to get into the users password protected folders and deleted data. Both logical and file systems were ran without any issues, but I really need a physical.

Any suggestions? I'm more interested in getting into the S8 which is running Android version 7.0.

Quote
Posted : 14/12/2018 6:51 pm
passcodeunlock
(@passcodeunlock)
Senior Member

I think it can be done, I sent you a PM.

ReplyQuote
Posted : 14/12/2018 9:18 pm
JohnNW
(@johnnw)
New Member

I’m only interested in solutions that I can try on my own, without paying thousands of dollars.

Thanks for the offer though.

ReplyQuote
Posted : 14/12/2018 10:55 pm
passcodeunlock
(@passcodeunlock)
Senior Member

There isn't such a thing, good luck!

ReplyQuote
Posted : 15/12/2018 9:24 am
mshibo
(@mshibo)
Junior Member

Well, you may want to start looking for ENGROOT files for both phones which will allow you to gain root access without wiping userdata partition and then you can start physical extraction. I know that for S7Active, ENGROOT file is available and also public.
Good luck.

ReplyQuote
Posted : 15/12/2018 2:31 pm
passcodeunlock
(@passcodeunlock)
Senior Member

Depending on the device model, Android version and Android patch level, we also work with engineering boot based methods. The processing is manual, not some click-forensics based stuff. A single mistake is enough to brick the phone and your data is gone forever.

This kind of in-lab work usually has high costs. The costs are way higher for devices where an engboot isn't publicly available, which is the current case for the S8. If it not worth a few thousands dollars, then the case isn't important, why bother with it at all ?! )

ReplyQuote
Posted : 15/12/2018 4:18 pm
TinyBrain
(@tinybrain)
Active Member

Professional forensic unlocking service has its legitimate price - no Rolls-Royce for free. This forum is for professionals, not freeware surfers.

ReplyQuote
Posted : 15/12/2018 10:02 pm
Jamie
(@jamie)
Community Legend

This forum is for professionals, not freeware surfers.

It is perfectly acceptable to use these forums to research whether or not low cost solutions to a particular problem exist. Please refrain from making comments such as this in future, thank you.

ReplyQuote
Posted : 15/12/2018 10:37 pm
TinyBrain
(@tinybrain)
Active Member

In my understanding freeware surfers are not professionals. This forum is named in the subtitle

FOR DIGITAL FORENSICS AND EDISCOVERY PROFESSIONALS

Why are you so negative against me?

ReplyQuote
Posted : 15/12/2018 11:01 pm
passcodeunlock
(@passcodeunlock)
Senior Member

Many times cheap or free solutions can be excellent, I got nothing against those solutions! On the other hand, many things can't be done without money and time investment, a lot of knowledge, real work and sometimes pretty high technological laboratory costs. Who can't understand this, take a life!

It is perfectly acceptable to use these forums to research whether or not low cost solutions to a particular problem exist.

@jamie you are right, I fully support this way of sharing the knowledge, but lately there are too many unprofessional users around, without minimal forensic knowledge, but playing the "tough guy". Unfortunately this has only negative impact on FF (

@TinyBrain all the (living or dead) professionals were newbies once, everybody needs the chance to learn. Thanks for supporting me, but please don't argue with jamie, he is not against you or anybody else, he just tries to keep a good balance here )

ReplyQuote
Posted : 15/12/2018 11:20 pm
the_Grinch
(@the_grinch)
Active Member

I think part of the issue is no matter the importance of the case sometimes the money will not be spent. Also, the higher ups want to see that all possible avenues have been exhausted before approving the expenditure. Final thing is you might still be able to make a case without the data on the device so once it is known that there is no other way than paying for the unlock/extraction they might say move on.

The other issue is whether or not those who unlock the device will testify in court. That's another added cost that has to be weighed in as well.

Not attacking anyone just laying out the issues that revolve around a case and what investigators tend to deal with.

ReplyQuote
Posted : 17/12/2018 7:07 pm
jaclaz
(@jaclaz)
Community Legend

The other issue is whether or not those who unlock the device will testify in court. That's another added cost that has to be weighed in as well.

And there is even a further one IMHO.
As passcodeunlock said, when dealing with this kind of "experimental" and "high technology" approaches, there is a certain level of risk on the integrity of the device/evidence

The processing is manual, not some click-forensics based stuff. A single mistake is enough to brick the phone and your data is gone forever.

Which poses two kinds of questions
1) the reliability, "good name", etc. of the laboratory
2) the authorizations needed, once a laboratory has been chosen, to risk the procedure

In more traditional "wet forensics" the tests on evidence are usually categorized in two sets
a. repeatable
b. non-repeatable <- usually - at least here in Italy - these are performed only at the presence of both prosecution and defense lawyers and experts[1] with a specific authorization by the Court.

In the case of an experimental method that has concrete possibilities to brick the phone and make data lost forever, extracting the data (which should be in theory a repeatable test/method) soon becomes a "possibly non-repeatable" method, and should be treated, to be on the safe side, definitely as a "non-repeatable" one.

jaclaz

[1] a typical example is tests (chemical, DNA, etc.) in cases where the amount of biological matter to be analyzed is enough to allow only one test

ReplyQuote
Posted : 17/12/2018 8:24 pm
Share: