saman2

Mobile Forensic Tools Techniques (UFED4PC, Magnet, Oxygen, ...)

Hi,

I have been working on forensic (System Forensic, Mobile Forensic, Network Forensic, Live Forensic, ...) issues for 4 years.

I worked on a lot of tools (Mobile Boxes, Cellebrite products like UFED 4PC, Physical Analyzer, ... in mobile forensics, and Belkasoft, Magnet, FTK, and so on) during this time and I developed some tools in this area too.
During my work, I bought a lot of software and the software's price was too high (for example, UFED 4PC starts from 9000$).
(Recently I bought a dongle emulation of UFED 4PC for very, very cheap and it works very well 😄 😄 I bought it for version 7.15 but it works for 7.16, 7.18 and the last version, 7.21.)

In this post I have decided to explore mobile forensics techniques (focusing on UFED 4PC) and find the ways it bypasses the phone lock, removes the phone lock, extracts a physical image from a locked phone, and so on.
In this post I want to describe any technique I found in UFED 4PC (for example) or other phone forensic tools.
Please share anything you know in this area.

Link to post

Go on then, describe your techniques.

  • Like 1

Link to post

As you know, UFED 4PC is one of the powerful tools in Mobile Forensic.

One of its techniques is "ADB Root", which roots devices and gets an image from them.

Unlike other techniques that UFED 4PC has, this technique has remained unchanged over time.

Because of that, this tech. only works on old devices.

In the following post, I will send the methods it uses to root devices.

Link to post

UFED 4PC uses the following methods to root a device:

rosecure
zergRush
fourrunnerStatic
MTKRoot
CowGirl
psneuter
PingRoot
django

Link to post

It uses a subset of these methods based on the Android version and brand. For example, for Android 5, it follows these steps:

First it uses CowGirl64BitSam.

If the previous one didn't work, it uses MTKRoot.

If MTKRoot didn't work, it uses PingRoot.

If PingRoot didn't work, it restarts the phone (to clear previous changes), then uses CowGirl32BitSam.

If CowGirl32BitSam did not work either, it restarts the phone again, and uses RootSpot as a last method.

If RootSpot didn't work, it shows a message to the user that "the device is not rooted".

Link to post