Enhancing Our Data Recovery Capabilities
I was lucky enough to find a complete kit that included the full cable set. The Cellebrite “Universal Forensic Extraction Device” or “UFED” Touch2, provides full physical extraction from many of today’s most widely used mobile devices.
Industry Standard File Formats
We performed our first UFED Touch2 Physical Extraction on a Samsung SM-J327A. (aka a Samsung J3) The UFED identified the device automatically, and loaded the required modules etc. required to perform the extraction. Once running, the PE process took approximately 90 minutes, as there was not much data on the subject device.
In addition to the UFED generated results, the extracted data was processed externally, using Autopsy DF software. Processing our first UFED Touch2 extraction through Autopsy was as easy as importing the UFED cellphone dump as a “Data Source” and selecting the desired “Ingest Modules“.
Then, just a few clicks later, we have everything. A complete, forensically sound image of the subject device, and, an interactive report on its entire contents.
Yes, even “Deleted” files. Autopsy makes quick work of “Unallocated Space”.
The Autopsy report generator provides a comprehensive, and easy to navigate report that enables investigators to view every detail of a device’s activity. The report is a complete analysis of all app data, and filesystem events, synced to the Timeline, and cross referenced with the Geolocation data on the device, all in a familiar “File Explorer” type GUI format.
You might be surprised at what a mobile device can reveal about a users movements, actions, communications etc.
Answers to the ‘who, what, why, when, where, and how’ of a case are laid bare to investigators in short order, saving valuable (and possibly life saving) time in the investigative process.
At PC Data Insights we are pleased to offer these enhanced Data Recovery services to our clients.