Our remote filesystem acquisition service implies the creation of full or partial data copies at filesystem level. The results of a remote filesystem extraction are the same with a filesystem acquisition done In-Lab, just the device does not need to be shipped to us. Creating a filesystem dump of the device will contain the active data found the partitions. This is the second method of data acquisition we recommend for any device!
Remote filesystem acquisition of Android devices
Currently we support remote filesystem acquisitions of devices with Android up to the latest version. Before actually doing a remote filesystem data extraction, we need to check the device vendor, the device model and the Android version running on the device. Since we use different techniques for remote filesystem extractions, it is trivial to know as much informations as possible about your device.
Depending on the device vendors and the chipsets used, we might be able to remotely acquire full or partial filesystems of Android devices, which are user locked as well, bypassing the user locks.
When the device is rooted, filesystem extraction of the device could be also possible. The extracted data will contain a full or a partial copy of the user data partition. Partial filesystem extractions might contain the data of the used user lock.
In case of open devices, you can enable USB debug option from the developer settings. With USB debug enabled, many phones and tablets permit partial filesystem extractions over ADB, even if the device is not rooted. Using this extraction method over ADB, both the system and user data will remain intact, but the cache content of the phone and it’s operational timeline will be slightly modified.
If the previously mentioned methods fail, but you know the user screen lock, we can try rooting the device and start the acquisition right after that. Generally by rooting the device, its operating system’s filesytem will be minimally modified, but the user data should not be altered in any way. We use this method for filesystem acquisition as a last resort.
In some situations the remote filesystem acquisition of the Android devices is not possible. In those cases, it is highly recommended to try our Remote Mobile Logical Acquisition. The disadvantage of the logical acquisitions is that compared to the physical and filesystem acquisitions, the acquired data is less and it won’t contain any kind of deleted informations.
There are situations when none of the remote acquisition solutions would work. If you encounter such a device, we recommend you using our In-lab Forensics services. Please contact us for any further technical details!
Remote filesystem acquisition of Apple devices
Currently we support remote filesystem acquisition of Apple devices with known passcode. The remote filesystem acquisition will have the same result as done In-Lab locally, just you don’t need to ship the device to us.
Depending on the data needed, sometimes the filesystem acquisition of an Apple device is not worth the time and hassle. In those cases, it is highly recommended to try our Remote Mobile Logical Acquisition. The disadvantage of the filesystem acquisitions is that compared to the physical acquisitions, some of the deleted data and some metadata informations can’t be extracted from the device.
Remote filesystem acquisition of Microsoft devices
We support remote filesystem acquisitions of Microsoft unlocked devices. The remote filesystem acquisitions are possible only if you know the device user lock and you can unlock the device and allow the USB communication.
Remote filesystem acquisition of other mobile devices
We encounter on daily basis some older device models and feature phones with branded or other custom operating systems. Depending on the device vendors, device models and the state of the devices (locked or unlocked), in some cases we are able to do remote filesystem extractions.
In some situations the remote filesystem acquisition of these devices is not possible. In those cases, it is highly recommended to try our Remote Mobile Logical Acquisition.