Well, I just wasted hours of my life that I’ll never get back.
“But Mike,” you say concerned, “Whatever do you mean? How can I help?”
You see, I foolishly tried to install a copy of Windows 8 64 bit as my OS to use with Cellebrite’s Physical Analyzer and MSAB’s XRY Complete. And I got…bubkes.
Oh the software seemed to run right, yes indeedy. But the dongles wouldn’t work. Neither WIBU or HASP.
“Mike, did you check to see if Win 8 was supported by Cellebrite or MSAB?”
I thought I’d give it a shot. I wanted it to work. I figured as long as I was updating my wheezy XP box, I’d go to the latest OS….
…and I got burned. No soup for me.
Ahh, well at least I’m a good example. Three things though
1. Dongle vendors UPDATE YOUR DRIVERS
2. DON’T TRY TO USE WIN 8 for PA or XRY (yet!)
3. Don’t be like me – RTFM!
Have a good one 😉
The phrase “profile forcing” refers to using an extraction profile of mobile model numbers in and around the model you are seeking to examine when that model is either officially unsupported or for some reason won’t work with the existing profile. Though not a sure thing, this has proved to be a successful attack on problematic phones and yielded information on what might have been a lost cause otherwise.
I used this tactic just today when trying to grab a physical image of a Samsung GT-s5322A. It was officially not supported for a physical or logical download in XRY and Cellebrite. In fact, the phone was being problematic with the NSPRO box as well. As my frustration mounted, I reached for the UFED again and tried a physical dump using the s5230 profile.
Suddenly a beam of light shot from the sky, the clouds parted, and a heavenly choir began to sing…
Well, the extraction started and I did the Geek dance of joy…over 250 MBs of juicy data – yum!
When using this method always be sure to validate the findings and report the success to the vendor so they can do additional research and add it into their profiles for others to enjoy equally in their forensic endeavors.
Mahalo nui loa Cellebrite for making me look like a rock star in Saudi Arabia today!
Nice mention for Katana Forensics, MSAB and Cellebrite!