400-6666-8888
Free trial
*First Name:
*Last Name:
*Agency/Organization/Company
*Email address:
Mobile:
What is your industry:
Country:
*Requested Product:
How do you know us:
Lets us know if you have additional comments:

[Case Study] Mobile Forensics: Physical Extraction for Qualcomm and Mediatek Smartphone

Editor’s note:  Physical Extraction by means of the Qualcomm and MediaTek chipset which was built in the smart devices will always be the most important way to do the forensic job! Even though we have posted numbers of articles named “Case Study” on the blogs to expound this solution, but there are inquiries and doubts from the users as still. So today we are going to review “how to do physical extraction for Qualcomm and MediaTek smart devices”.

Physical extraction for Qualcomm chipset devices (for example OPPO a37f):

Step 1. Create a new case or load a history case to enter device selection page.

Image 7

Step 2. Enter the “Tools Box” click and start the “Qualcomm 9008 Physical Extractor”.

Image 8

Step 3. There are three options to enter the Qualcomm 9008 port displayed below,  you can choose the appropriate way according to your situation,

Option 1): ADB Command —— A single click on option 1 and SPF Pro will automatically send an ADB command to the smart device and enable 9008 port. This option only works when the smart device can boot up and is connected to your PC with USB debugging.

Option 2): Manual Operation —— Press and hold both volume + & – when powering off the smart device for a few seconds to manually enable 9008 port mode.

Option 3): Engineering Cable —— Connect the target smart device to the PC through the engineering cable. Press the button on the cable to enable 9008 port.

Image 9

Step 4. After 9008 port has been successfully enabled, click “Detection” to verify. Select the correct port number from the COM port list and specify a destination path to save the image file, then select a correct mode in the support mode list, if the target mobile model hasn’t been included in the support mode list, then you can choose the resource file which you can download flash file from internet, after searching and downloading the correct flash file, select the file “prog_emmc_firehose_8916.mbn” into resource file, then click the “Extract” button to initiate the physical extraction process. (Noted: concern about the “.mbn” file is related to the same chipset of the target Qualcomm smartphone.)

123

Step 5. Wait for the image process has been completed,  go back to the device selection page, and manually load the image file by clicking “File Analysis”.

123
Image 10

Physical extraction for MediaTek smartphone (for example “Vivo” Y17T)

Step 1. Create a new case or load a history case to enter device selection page.

Step 2. Enter the “Tools Box” click and start the MTK Physical Extractor.

Image 12
Image 11

Step 3. Enter the physical extractor, choose the “DA file”, “Scatter file”, “Bin file” one by one, the scatter file and bin file you can download from the internet and make sure the correct one has been chosen before download. (Noted: concern about the scatter file is related to the same chipset of the target MediaTek smartphone.)

Image 13

Step 4. Click the “Start imaging” button to initiate the process of image job for MediaTek smartphone. Wait for the image process has been completed,  go back to the device selection page, and manually load the image file by clicking “File Analysis”.

Image 2

Conclusion: Using the Physical Extraction technology to investigate the smartphone which was equipped with Qualcomm and MediaTek chipset, we can easily make a bit-by-bit image file from its flash memory even though the smartphone is abnormal: locked or broken. Moreover, not only the normal data can be extracted, but also the deleted and hide data can be extracted by our Physical Extractors.

The SalvationData experts will never stop developing the advanced technologies on digital forensics and assist the DFIR community to handle more and more mobile forensic cases. Browse the website for more information if you are interested, and the free trial of our forensic products is welcomed!

  • [Software Update] VIP 2.0 (Video Investigation Portable) 21.8.6.211 New Released now!


    The latest update of VIP 2.0 (Video Investigation Portable) is released now!

    Download or apply for a Free Trial Now!


    V21.8.6.2113 Version upgrade instructions:


    1.Added Walsh, Ezviz, xinhanshi, keshian and huiershi file system



    2. Optimized NVR analysis of glass particle, Zhiteng and Yushi technology


    3. Optimized the saving method of video files, and store the saved video files and corresponding verification files respectively


    4. Optimized the filtering of video retrieval objects and cancel the upper limit of displaying up to 99 retrieval results


    5. Optimized the scan result list and support inverse selection


    6. Optimized disk imaging


    7. Optimized batch transcoding tools and increase the upper limit of simultaneous transcoding


    8. Supported closing the video service after closing the program


    9. Supported the selection of mapped network disk path


    10. Optimized search tools


    11. Compatible with 2k and 4K resolution display

  • [Software Update] Mobile Forensics: SPF Pro V6.115.2 New Released now!

    SPF PRO V6.115.2

    The latest update of SPF Pro (SmartPhone Forensic System) is released now!

    Download or Contact us to apply for a Free Trial Now!


    V6.115.2 Version upgrade instructions:


    1. Added OPPO dual APPs data extraction, allow manually setup WIFI


    2. Optimized the scheme of copying media files for Android phones to improve the process speed of forensics


    3. Added the maintenance entry of “material information” during the process of extraction



    4. Optimized automatic extraction of Huawei mobile phone, supporting backup parsing to the latest version (11.0.0.530)


    5. Supported HarmonyOS data backup and parsing


    6. Updated some plug-ins


    Android: UC Browser, Quark; iOS: AKeyChat, Quark


    7. Added APPs search



    8. Added plug-in online upgrade function



    9. Bug fixed

  • HUAWEI Harmony OS – Firstly Supported by SPF Pro!


    Recently, Huawei announced that they plan to officially launch the long-awaited Harmony OS on June 2nd, by holding a product launch event.

    Before then, the operating system, which has only been used in products such as smart screens and wearable devices.



    Soon after the event, it’s expected to be used in more product categories including cellphones.

    Besides, they also released a video of the startup of the Harmony mobile OS on Weibo on May 27th.


    HUAWEI Harmony OS

    Due to chasing the most cutting-edge tech on mobile forensics, we made every efforts to obtain the qualification of the internal test long before so that we made great progress in advance for the upgrade of SPF Pro.


    SalvationDATA began to pay close attention to HarmonyOS at the very beginning of its emergence. Until now, we have obtained a preliminary technical breakthrough and we’re proud to say we’re capable of data extraction from devices that run HarmonyOS!

    After integrating the technology into Smartphone Forensics System(SPF Pro), it’ll officially meet with you guys in the next updated version (the new version is expected to be released on June 5th).



    SPF Pro is able to support the extraction and forensics investigation of normal data and deleted data of mobile phones equipped with HarmonyOS, including data of mobile phones themselves and data of third-party applications.

    The existing commonly used third-party applications are also supported, including but not limited to: QQ, WeChat, Yidui, Momo, Sina Weibo, QQ mailbox, Lianxin, Tantan, WhatsApp, Snapchat, and other mainstream apps.



    Customers who want to be the first to experience HarmonyOS smartphone forensics could download the next version of SPF Pro from our official website after the release on June 5.

  • [Software Update] Database Forensics: DBF 6300 V21.5.28.170 New Released now!


    The latest update of DBF 6300 (Database Forensic Analysis System) is released now!

    Download or Contact us to apply for a Free Trial Now!


    V6.113 Version upgrade instructions:


    1. Added online database for Oracle, PostgreSQL, support data parsing, analyzing and exporting



    2. Added file mode for CSV parsing, support CSV document parsing, analyzing, and exporting



    3. New online database collection tool, support MySQL, SQL Server, Oracle, PostgreSQL database online collection



    4. Rebuilt hierarchical analysis, added relationship chain marking, filtering deleted data, and improve the processing capacity of million-level hierarchical analysis



    5. Added functions of identification and conversion of special data for data statistical analysis (PRC Resident ID card, currency rate, etc.) and real-time editing of map data



    6. Added advanced query for filtering deleted data



    7. Bug fixed

  • [Software Update] Mobile Forensics: SPF Pro V6.113 New Released now!

    The latest update of SPF Pro (SmartPhone Forensic System Professional) is released now!

    Download or Contact us to apply for a Free Trial Now!

    V6.113 Version upgrade instructions:

    1. Optimized the automatic extraction of Huawei. Improved the backup speed, support to the latest HiSuite version backup analysis.

    2. Optimized the OPPO automatic extraction and backup tool. Improved the backup speed, allow users to try to continue the backup in the event of a backup failure, and improved stability.

    3. Optimized the automatic extraction of vivo. Solved the problem that some mobile phones cannot extract data from some third-party apps.

    4. Added “default iTunes backup password” setting, no need to manually enter when extracting.

    Salvationdata Mobile Forensics interface

    5. Added “Calculate MD5 value of file when extracting file” setting, support export to report.

    Salvationdata Mobile Forensics interface

    6. Optimized the analysis of iOS WeChat. Added group nickname, group joining method, and WeChat favorites data analysis.

    7. Upgraded the “photo/screenshot” function. Support to save screenshots and photos to a custom node, and synchronize to the extraction results.

    8. Updated some plugins:

    Android: Skype(Intl), Line, ArticleNews, KakaoTalk, NinthChat, OperaBrowser, OutlookMail, Snapchat, Whatsapp, XiaoMiBrowser

    iOS: Momo

  • [Software Update] DRS (Data Recovery System) V17.7.3.2.286 — Major improvements on flexibility & usability that makes your investigations easier and more efficient!

    As an integrated digital forensics & forensic data recovery solution provider, would never stop satisfying clients by keeping updated its software. Here we are excited to announce that newest version of DRS (Data Recovery System) is releasing today!

    Let’s have a look what new features have been added to this all-in-one forensic data recovery tool:

    1. Physical diagnostics is now available for all drives attached to the DRS hardware unit and your PC. Quick Diagnostics, Scan Bad Sector and Sector View are all accessible for drives plugged to the hardware unit or not.

    DRS Forensic data recovery

    2. New file system support: CDFS, UDF, F2FS are now supported for analysis (CDFS & UDF not supported for Pattern Scan).

    Image 2

    3. New image format support: VHD, VHDX.

    DRS Forensic data recovery

    4. New search options: folder name search and time search. Allow users to search for folders with certain keywords or specify a certain time period to narrow down their search.

    DRS Forensic data recovery

    5. New feature in Disk Imaging: large disk image to small disk.

    6. New feature in Hash Calculator: Hash calculation for physical drives.

    DRS Forensic data recovery

    7. New feature in imaging report: authentication of forensic image.

    DRS Forensic data recovery

    8. Multiple bugs fixed.

    Click HERE to learn more about DRS.

[Sassy_Social_Share title="Share To"]

Leave a Reply

  • Your email address will not be published. Required fields are marked*
  • code
    Type the text displayed above:
Previous post ran out of data

Contact us

+86 28 6873 1486
info@salvationdata.com
©Copyright 2004-2021, XLY Salvationdata Technology INC. All Rights Reserved. Terms of Use.