It’s no question that Samsung devices are one of the most popular in the world. Knowing this, we are constantly improving our support for Samsung devices by introducing new extraction methods and alternative sources of data. Some time ago, our blog discussed how Oxygen Forensic® Detective could be utilized to extract Samsung data from locked Samsung Exynos devices, SmartSwitch backups, and the cloud.
Our latest update, Oxygen Forensic® Detective v.13.5, significantly expands on our previous support for Samsung Exynos devices.
Let’s have a closer look at the new features.
Support for Samsung Exynos devices with Android OS 9-10
Investigators will now have the ability to perform full file system extractions of Samsung devices running pre-installed versions of Android OS 9 and 10 with File-Based Encryption (FBE). If a user passcode is set on a device, it should be entered in the corresponding field in the software. Unlike our Samsung Exynos method for Android OS 7-9 devices with Full-Disk Encryption (FDE), this new method does not currently include the brute force capability.
This updated method supports over 60 popular Samsung devices, including Samsung Galaxy A20, Samsung Galaxy A30, Samsung Galaxy A40, Samsung Galaxy A50, Samsung Galaxy S10, Samsung Galaxy S10+, Samsung Galaxy S10 5G, Samsung Galaxy S20 FE (Fan Edition), etc.
To extract data from a supported Samsung device, please select the Samsung Exynos method in Extractor and follow the instructions.
Investigators can always verify if a device is supported by checking the Extractor Supported Devices list or in the General Supported Devices list found in program options.
Secure Folder extraction
Secure Folder is a private storage space where users can store private data like photos, videos, files, apps, etc. According to the manufacturer’s site, Secure Folder is protected by a defense-grade Samsung Knox security platform, ensuring security during any malicious attacks. A passcode or biometric lock can also be added to guarantee security.
Starting with Oxygen Forensic® Detective v.13.5, investigators can extract and decrypt all data available in the Samsung Secure Folder. This process is done automatically when investigators use the Samsung Exynos Dump method to extract any supported Samsung Exynos device with FBE and pre-installed Android OS 9 and 10.
Support for Samsung Qualcomm devices
The Android logical file system extraction method now offers a new exploit that allows investigators to gain root rights and extract logical file systems from unlocked Android devices running Android OS 7-10 and based on Qualcomm chipsets. The Security Patch Level (SPL) must be no later than December 2020. Among other devices, this approach supports unlocked Samsung devices to include Samsung A5, Samsung S9, Samsung S9+, and Samsung Note 9.
To use this method, select the Android logical file system method in our Oxygen Extractor and follow the instructions.
To try our improved Samsung Device support or any other features, do not hesitate to contact us for a demo license.