Profile Forcing

The phrase “profile forcing” refers to using the extraction profile of a model number in or around the model you are seeking to examine when that model is either officially unsupported or for some reason won’t work with its existing profile. Though not a sure thing, this has proved to be a successful approach to problematic phones and has yielded information from what might otherwise have been a lost cause.

I used this tactic just today when trying to grab a physical image of a Samsung GT-s5322A. It was officially not supported for a physical or logical download in XRY and Cellebrite. In fact, the phone was being problematic with the NSPRO box as well. As my frustration mounted, I reached for the UFED again and tried a physical dump using the s5230 profile.

Suddenly a beam of light shot from the sky, the clouds parted, and a heavenly choir began to sing…

Well, the extraction started and I did the Geek dance of joy…over 250 MBs of juicy data – yum!

When using this method, always be sure to validate the findings and report the success to the vendor so they can do additional research and add the model to their profiles for others to enjoy equally in their forensic endeavors.

Mahalo nui loa Cellebrite for making me look like a rock star in Saudi Arabia today!


2 comments

  1. Biedubbeljoe

    Good to see that you're digging for oil..:)
    I asked some time ago if they could automate a profile scan for a new phone as an option in the menu, so the unit will continue trying to fit a profile till the phone connects.

    Take care, Biedubbeljoe
