Hi all, please get your triple espresso and let's go. Nowadays mobile forensics has become one of the biggest trends in digital forensics, so let's look at the process, its types and its techniques.
First, why do you need mobile forensics? The mobile device is now an important part of our lives, whatever its type, so in many cases we must pay attention to it. You have to extract as much data as you can from the phone, so which methodologies will you use? We can see them below:
Manual Extraction: in this method the mobile has no passcode, so you can use it as its user would, then document and capture everything you need. This is the easiest case.
Logical Extraction: in this method you connect the device to a PC or to forensic hardware/software that pushes commands to extract data from the phone, such as ADB commands or an agent-based tool, which requires USB debugging to be enabled on Android, for example.
Physical Extraction: this is the most preferred method, as it creates a bit-by-bit copy, so you can recover deleted data from the phone and use multiple recovery techniques such as file carving. To do this you must have root access, and sometimes you can't root the phone because its bootloader is locked; unlocking it will wipe the phone, so you have destroyed the evidence :D. As an example, you can install a custom recovery, open a terminal, and make a dd image. Because of these challenges, there are several types of physical extraction:
ISP (In-System Programming):
this is a technique that lets you take an eMMC dump (flash memory) of the device without removing the chip or destroying the phone.
JTAG:
JTAG is an industry standard devised for testing printed circuit boards (PCBs) using boundary scan. In this process you connect the TAPs on the phone's board to a JTAG box like Riff Box and start extracting data from the phone. This method is commonly used on Lumia phones that are locked with a password.
Chip-off:
the most destructive method, in which the BGA chip is removed with special equipment and a chip reader is used to read and extract the raw data from the phone.
So, based on the device you have in the case, you should determine which compatible method to use to extract the data. You will use these last types of physical extraction when normal physical or logical extraction fails, as they are classified as hard and destructive and need experience in dealing with phones, disassembling them and applying the method.
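File carving, mentioned under physical extraction above, shown as an added example (not code from the original post): a minimal header/footer JPEG carver run over a constructed byte string standing in for a dd image. The function names, the 10 MiB size cap and the sample data are assumptions made for the illustration.

```python
import hashlib

JPEG_HEADER = b"\xff\xd8\xff"  # SOI marker followed by the next marker's 0xFF
JPEG_FOOTER = b"\xff\xd9"      # EOI marker
MAX_CARVE = 10 * 1024 * 1024   # assumed size cap per carved file

def carve_jpegs(image, max_size=MAX_CARVE):
    """Return (offset, data, complete) for each JPEG header in a raw image."""
    found, pos = [], 0
    while (start := image.find(JPEG_HEADER, pos)) != -1:
        end = image.find(JPEG_FOOTER, start + 3, start + max_size)
        if end == -1:
            # Footer overwritten or out of range: keep a flagged fragment
            # that stops at the next header (or at the size cap).
            nxt = image.find(JPEG_HEADER, start + 3, start + max_size)
            stop = nxt if nxt != -1 else start + max_size
            found.append((start, image[start:stop], False))
            pos = start + 3
        else:
            found.append((start, image[start:end + 2], True))
            pos = end + 2
    return found

def build_sample_image():
    """Constructed stand-in for a dd image: two whole JPEG-like blobs, one cut off."""
    live = JPEG_HEADER + b"\xe0" + b"LIVE-PHOTO" + JPEG_FOOTER
    deleted = JPEG_HEADER + b"\xe1" + b"DELETED-PHOTO" + JPEG_FOOTER
    partial = JPEG_HEADER + b"\xe0" + b"PARTIAL"  # footer already overwritten
    return (b"\x00" * 512 + live + b"\xaa" * 100 + deleted
            + b"\x00" * 64 + partial + b"\x00" * 32)

def carve_report(image):
    """Hash the source image and every carved item for the case notes."""
    return {
        "image_sha256": hashlib.sha256(image).hexdigest(),
        "items": [
            {"offset": off, "size": len(data), "complete": ok,
             "sha256": hashlib.sha256(data).hexdigest()}
            for off, data, ok in carve_jpegs(image)
        ],
    }

if __name__ == "__main__":
    for item in carve_report(build_sample_image())["items"]:
        print(item)
```

Header/footer carving assumes each file is stored contiguously; fragmented files and JPEGs with embedded thumbnails need a structure-aware carver.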