6.3 Extraction Levels Flashcards
What are the different extraction levels?
Level 1 Manual Extraction
Level 2 Logical Extraction
Level 3 Physical Extraction
Level 4 Chip-off
Level 5 Micro Read
Describe what is Level 1 Manual Extraction
Viewing the data content stored on a mobile device by hand
What are the PROS of Level 1 Manual Extraction?
Works on nearly every device
No cables required
Easy to use
What are the CONS of Level 1 Manual Extraction?
Won't get to all data (e.g. no deleted files)
Prone to errors
Foreign language barrier
Broken buttons / devices
Time consuming
What are the tools of Level 1 Manual Extraction?
Project-a-phone
ZRT2
Describe Level 2 Logical Extraction
Connectivity between a mobile device & a forensics workstation is achieved using a wired / wireless connection
What are the PROS of Level 2 Logical Extraction?
Easy to use
Lots of information available
Foreign language support
Repeatable
What are the CONS of Level 2 Logical Extraction?
Won’t get to all data (e.g. no deleted files)
Minimal log file access
Lots of cables
What are the tools of Level 2 Logical Extraction?
XRY
Susteen’s Data Pilot
Describe Level 3 Physical Extraction
Involves cable connection & appropriate software license
What are the PROS of Level 3 Physical Extraction?
Deleted data
Extract data hidden from device menus
Password bypass (maybe)
What are the CONS of Level 3 Physical Extraction?
Requires data conversion
Inconsistent report formats
Limited to specific manufacturers
Some tools came out of the hacker community
What are the tools of Level 3 Physical Extraction?
Cellebrite’s UFED Touch Ultimate
Describe Level 4 Chip-off
Acquisition of data directly from a mobile device’s flash memory (requires physical removal of flash memory)
What are the PROS of Level 4 Chip-off?
Extracts ALL data from device memory
Better picture of what is going on holistically in the device