6.3 Extraction Levels Flashcards

1
Q

What are the different extraction levels?

A
Level 1 Manual Extraction
Level 2 Logical Extraction
Level 3 Physical Extraction
Level 4 Chip-off
Level 5 Micro Read
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Describe what is Level 1 Manual Extraction

A

Viewing the data content stored on a mobile device by hand

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the PROS of Level 1 Manual Extraction?

A

Works on nearly every device
No cables required
Easy to use

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the CONS of Level 1 Manual Extraction?

A
Won't get to all data (e.g. no deleted files)
Prone to errors
Foreign language barrier
Broken buttons / devices
Time consuming
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the tools of Level 1 Manual Extraction?

A

Project-a-phone

ZRT2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Describe Level 2 Logical Extraction

A

Connectivity between a mobile device & forensics workstation is achieved with connection using wired / wireless connection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the PROS of Level 2 Logical Extraction?

A

Easy to use
Lots of information available
Foreign language support
Repeatable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the CONS of Level 2 Logical Extraction?

A

Won’t get to all data (e.g. no deleted files)
Minimal log file access
Lots of cables

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the tools of Level 2 Logical Extraction?

A

XRY

Susteen’s Data Pilot

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Describe Level 3 Physical Extraction

A

Involves cable connection & appropriate software license

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the PROS of Level 3 Physical Extraction?

A

Deleted data
Extract data hidden from device menus
Password bypass (maybe)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the CONS of Level 3 Physical Extraction?

A

Requires data conversion
Inconsistent report formats
Limited to specific manufacturers
Some tools came out from hacker community

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the tools of Level 3 Physical Extraction?

A

CelleBrite’s UFED Touch Ultimate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Describe Level 4 Chip-off

A

Acquisition of data directly from a mobile device’s flash memory (requires physical removal of flash memory)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the PROS of Level 4 Chip-off?

A

Extracts ALL data from device memory

Better picture of what is going on holistically in the device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the CONS of Level 4 Chip-off?

A

Data’s not contiguous
No single report format
Difficult to use
May damage chip on extraction

17
Q

What are the tools of Level 4 Chip-off?

A

UP-828

SD flash doctor

18
Q

Describe Level 5 Micro Read

A

Recording physical observation of the gates on a chip with the use of an electron microscope

19
Q

What are the PROS of Level 5 Micro Read?

A

Extract & verify data from device memory

Best picture of what is holistically going on in device

20
Q

What are the CONS of Level 5 Micro Read?

A

Most time consuming
Hard to interpret / convert
Very expensive
Highly technical

21
Q

What are the tools of Level 5 Micro Read?

A

High power microscope