by Oleg Skulkin & Igor Shorokhov
The release of Android Nougat has brought new challenges to mobile forensic examiners: the smartphones running this version most likely have encrypted partitions with users’ data, their bootloaders are locked and classic custom recovery acquisition, which is widely used especially for Samsung smartphones, may not work anymore. But thankfully, things are not always this bad for the examiners. From time to time we find some interesting and original ways to extract data on the physical level from the smartphones we examine. And of course it’s very important to share the knowledge, so we decided to show you a way to perform a physical acquisition of a Samsung Galaxy S7 smartphone running Android 7.0.
The most challenging part of the acquisition process of this device is that it has an encrypted user data partition, and this is the most important part of the smartphone’s memory, as…
View original post 519 more words