Physics extract Big trick "Advanced ADB"???

Recent mobile phone forensics has a very significant breakthrough, is a mobile phone forensics giant Cellebrite first published the "Advanced ADB" physical extraction method, this function has been included in its forensic equipment products ufed 6.1.

This so-called "advanced ADB" physical extraction method, can deal with the wide range of Android phones, listening to the astonishing. Android 4.3~7.1, and the security patch version of Android phones before November 2016, are within the scope of their collection, no one survived, claiming to be able to deal with more than 95% of Android phones, which sounds really too God too strong.

Here is cellebrite on the official website for "Advanced ADB", and a very good video to show you the power of it.

http://blog.cellebrite.com/blog/tag/advanced-adb/

For your information, "Advanced ADB" is a ufed forensics device that sends an extract app (Extraction app) to your phone and runs the utility to mirror the external SD Card. What if the phone doesn't support SD card? Just disconnect the ufed from the phone, and then connect the ready-to-use USB drive to the phone via the OTG cable. Run the Extract app to mirror your phone's internal storage to a USB flash drive and you are done.

Very good ~ As long as you can mirror, then you can use a variety of analysis tools to extract the various traces. As for the memory stick of the image, it is understood that the file system must be FAT32, VFAT, exFAT one of them.

Finally, we return to reason, to objectively discuss the truth behind the killing rate of more than 95%, said that this "advanced ADB" may encounter problems, first of all, it is still with the "premise", as shown, you see hostler see clues, yes, on the one hand to enable USB debugging, Forensics equipment to build a pipeline for the mobile phone, and also need to click on the phone screen operation.

Well, that's not it, it's still an old problem. When faced with a mobile phone that does not have a USB debugging and a screen lock, it is not a matter of trying to lift those levels first.

Finally, according to the younger brother's humble opinion, if encountered by default has been enabled all-computer encryption (FDE) of the phone, in the case of screen lock has not been lifted, even if the mirror can be successfully mirrored, the theory should also be encrypted data protection is the case, so that is also equal to No. Of course, if you can crack the whole machine encryption, that is another story.

Physics extract Big trick "Advanced ADB"???