Digital forensic investigations from more than 22,000 working and non-working mobile devices including smartphones, tablets, cellular phones, smartwatches and portable GPS devices.
OUR CAPABILITIES INCLUDE:
- Physical data extraction from more than 5,000 mobile devices, including:
- Android devices while bypassing pattern lock (password/PIN) by using custom boot-loaders enabling accurate and forensically sound data recoveries from more than 2,300 devices including HTC, Motorola, Samsung Galaxy S, SII, SIII, S4, S5, S6, S6 Edge and Note 5.
- Most Apple IO devices.
- Access to locked devices by bypassing, revealing or disabling the user lock code.
- BlackBerry® devices running OS 4-7 with exclusive decoding: BBM data, apps, emails, Bluetooth etc.
- Locked Nokia BB5 devices, including password extraction from some devices.
- Logical data extraction from more than 9000 mobile devices.
- The extraction and decoding of application data, passwords (user lock codes), emails, call history, SMS & MMS, IM (instant messaging), contacts, calendar, media files, location information, phone details (IMEI/ESN), ICCID and IMSI, SIM location information (TMIS, MCC,MNC,LAC) etc. plus the generation of easy-to-read reports if required.
- File system and logical extraction for iPhone 6S, 6S Plus and 6C devices.
- File system data extraction from more than 3700 mobile devices including extraction from any device running Windows Phone 7.5 and 8 including Nokia, HTC, Samsung, Huawei and ZTE.
- Password recovery from more than 1300 mobile devices.
WE EMPLOY FOUR MOBILE DEVICE INVESTIGATION LEVELS:
Extraction of the logical file system where a physical data extraction is not yet possible. This does not include the recovery of unallocated space but in some cases enables the extraction of deleted files.
Deleted database records such as call log entries, contacts, messages (MMS/SMS) etc. can in some cases be extracted following a file system, physical or hardware extraction process.
A bit-by-bit copy (clone) is made of the flash memory (including unallocated space) bypassing the operating system by accessing the internal flash memory directly. It is in some cases possible to bypass user locks or passcodes as well as enabling the acquisition of intact (unaltered) hidden or deleted data.
Unallocated space may contain deleted data like SMS records, call logs, phonebook entries, media files such as photos and videos, deleted passwords, installed applications, geotags, location information, GPS fixes, emails, chats etc.
This is an advanced process of extracting data from a physically damaged (e.g. broken, faulty, dead, water damaged etc.) mobile device. The process could include taking the device apart and removing the memory and other chips using techniques like JTAG and chip-off. It is typically a complex and time-consuming process taking 2-8 weeks on average.