Windows Phones are not frequent guests of our digital forensic lab, especially now that Microsoft has stopped developing the platform. Nevertheless, sometimes we have to forensicate such devices, so it's very important to have methods of fast and simple data extraction. For quite a long time the only options for physical extraction were JTAG or chip-off techniques, but thanks to security researchers, this time Heathcliff, we now have a tool that can help digital forensics professionals create physical dumps of a number of WP models. The tool lets you unlock the bootloader and gain root access to the phone. It's important to note that this technique works even with locked phones.
For example, we had a locked phone with more than 1 000 000 seconds to wait before the next unlock attempt, but we successfully created a physical image with WPinternals and decoded it with Oxygen Forensic Detective. Once you connect the phone to your workstation, the tool will automatically detect its model. First of all, you should download two or more files the tool will need to unlock the phone. The first one is the FFU, or Windows Full Flash Update file; the second is the emergency files for the model you are working with.
If the downloaded FFU contains an unsupported OS version, the tool will download another FFU and extract the files it needs from it.
Figure 2.