Jump to content

Mobile Forensic Tools Techniques (UFED4PC, Magnet, Oxygen, ...)


saman2

Recommended Posts

Hi,

I am working on Forensic (System Forensic, Mobile Forensic, Network Forensic, Live Forensic, ...) issues from 4 years ago.

I worked on a lot of tools (Mobile Boxes, Cellebrite products like UFED 4PC, Physical Analyzer, ... in mobile forensics and Belkasoft, Magnet, FTK, and so on.) during this time and I developed some tools in this area too.
During my work, I bought a lot of software and the software's price was too high (for example, UFED 4PC starts from 9000$).
(Recently I bought a dongle emulation of UFED 4PC from very very cheap and it works very well  😄 😄 I bought it for version 7.15 but it works for 7.16, 7.18 and the last version, 7.21.)

In this post I have decided to explore mobile forensics techniques (focusing on UFED 4PC) and find the ways it bypasses phone lock, removes phone lock, extracts physical image from locked phone, and so on.
In this post I want to describe any technique I found from UFED 4PC (for example) or other Phone Forensic tools.
Please share anything you know in this area.

Link to comment
Share on other sites

As you now, UFED 4PC is one of the the powerful tools in Mobile Forensic.

One of its technique is "ADB Root" that roots devices and get image from it.

Unlike other techniques that UFED 4PC has, this technique remained unchanged during time.

Because of that, this tech. only works on old devices.

in following post, I will send the methods it uses to root devices.

Link to comment
Share on other sites

It uses a subset of these methods based on Android version and Brand. For example for android 5, it follows these steps:

First it uses CowGirl64BitSam

If the previous didn't work, uses MTKRoot

If MTKRoot didn't work, it uses PingRoot

If PingRoot didn't work, it restarts the phone (to clear previous changes), then uses CowGirl32BitSam

If CowGirl32BitSam did not work too, it restarts the phone again, and uses RootSpot as a last method.

If RootSpot didn't work, it shows a message to the user that "the device is not rooted"

Link to comment
Share on other sites

  • 2 years later...

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...