
- #Forensic image cell phone with oxygen forensics password
- #Forensic image cell phone with oxygen forensics Offline
So we’ve got extractor now waiting on the phone to get into comm mode. So, typical Oxygen fashion, got to check the box, you read the instructions, just in case you didn’t.
And then we have to bust that password - that screen password - we saw earlier. So it’s a two phase process, right? First we’re going to extract the data or the physical image, and then we’re going to go back after the keys and the metadata for that. And we’re going to take a look at the directions for the device as extracted, how it was performed then. Now let me scroll over in the list and find my phone and extractor.

And actually, let me zoom out just a little bit here so we can see the test point short and the cable plug at the same time, because it is the magic that requires the most intricate effort. Now I’m going to get crazy and grab some tweezers. So the phone’s upside down: better for the camera. I can’t say that I haven’t hit this point with the wrong thing and seen a spark, but we just want to validate we’ve got the right thing, or I’m going to have to get some tweezers out and hit that point with another metal slot and get the USB cable plugged in at the same time while I’m effecting the short so we can watch the device manager pull up that comm port that allows us to extract. I mean, I guess you could say that if you’re not sparking up some points, you’re not really trying. I mean, we got the right device and the right point. We can see that here’s the test point and the blog, and there’s the test point on the phone, right? And we can do a little couple of other comparisons to say, yeah, that looks like that, that cover looks the same. So give the phone a turn, to kind of line things up, and a little bit of zoom. And it’s kind of right under where the camera would have been and the ribbon cable for the camera.

So if I scroll down here, I can find… there it is. So I’m going to navigate to my phone in the list inside extractor, but first we’re going to use the blog article to find that test point for the Honor 10: which point we should be shorting to get the phone into comm mode. Again, this is the Honor 10, and we’ll bring up the device manager so we can see when the phone is shorted appropriately and we insert the USB cable while it’s being shorted, it is recognized in device manager as that comm port we’ll need it to be for our extraction. However, for our exercise, not only are we going to use our blog, which shows the test point we’ll need to short, I want to have the extractor open so we can navigate to this specific phone in the list. I’m surprised I didn’t have a rubber band around it. Things that are going to help me get to this a little more easily. I’ve also cheated to the effect of removed some of the chassis holder pieces, I’ve already extracted the camera. I’ve cheated, I’ve already taken my fantastic heat gun and extricated the back of the phone. So this is a test point operation, which means we have to get into the phone for sure. That’s our key metadata, we’ve got to get in to decrypt our blob after we extract it.
The whole purpose of that demonstration is to know we have one, because that is going to be imperative when it comes to demonstrating the whole, let’s offline attack that password. And look to see that there is a PIN here. But most importantly here, I’m turning on my Honor. So that’s kind of our goal, as we look through these points we’re going to go through the process, and I’m just going to set up a screen here where we can look at my Honor 10, and work through things and see how they turn out for us.

We’re going to want to take a look at the system on chip of Kirin, and the process of identifying those test points, working the extraction, and then the most important part is brute forcing offline the password - the secure screen password - because we’ll need that to decrypt the log after we extract it. So it’s very timely that the company had a blog recently that showed the test points for all the Huawei devices, as this is a test point operation to short the phone into a specific mode where we can do that extraction.

Keith: Hey, this is Keith Lockhart, Director of Training at Oxygen Forensics. In this webinar, we’re going to have a look at Huawei devices, and specifically those that have a Kirin family chipset.
