Case Study: Motorola Moto E XT1526 locked out
December 15, 2015
Can you still fit in your Bat Suit?
December 17, 2015

phone

Recovery Type: Mobile Phone
Internal Memory: 4GB
Manufacturer: Alcatel
Model Name: One Touch Fierce 2
Operating System: Android
Carrier: TracFone Wireless (GSM)
Model Number: 7040N
Manufacture Date: 09/2014
Main Symptom: Locked out
Type of Data: Photos, text messages, contacts
Data Recovery Grade: 10

MCP Chip Information
Manufacturer:
Samsung
ID: KMK5X000VM-B314
Serial Number: S2FNXMG0N

20151125_133417Background: open phone

In recent months, Gillware has been handling an increasing number of mobile device data recoveries. While many are personal cell phones containing family photos or important business contacts, our engineers have also been working on some interesting forensic data recoveries for law enforcement agencies. In this case, officers contacted Gillware in need of data recovery in a hurry. This phone, along with one other, were suspected to contain text messages ordering a “hit” on someone. Officers needed photos and text messages from the phone, which were stored in a SQLite database. The suspect in the case would not provide their passcode, so the investigators were effectively locked out of the phone. They turned to Gillware to gain access to this vital information in the case.

 

Evaluation: 

Once Gillware engineers received the phone, they performed a full analysis. We have successfully recovered data from this type of device before, so engineers knew it had an Ext4 file system and that we would likely be able to successfully recover.

board and chip

Recovery: 20151125_133435

The data recovery method used in a lot of  mobile device data recovery is called a “chip off“, in which engineers remove the flash memory chip from the phone and place it in a special adapter used to retrieve the lost data. However, the recovered data was not in a format that was very usable for humans. It would require SQL queries and Unix Time conversion to make a more human-friendly spreadsheet of the recovered data.

 

Results:

Gillware engineers were successful in retrieving the phone’s SQLite database and pictures. This information was provided to the investigators on the case to further their progress. If you are a law enforcement professional looking for forensic data recovery from mobile devices, get in touch with our recovery team.