Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Divorce, custody battles, and other
Win the most important battle of your life
Everything you need
Effective Expert Witness in Court
Evidence shows who is telling the truth
Subpoena power yields strong evidence
Digital evidence can build a strong defense
Go to court with compelling digital evidence
The function of passwords extraction from dumps of the devices running Windows Phone operating system appeared in the newest version of the program “Oxygen Forensic Detective”. Some users of the program may have question how does it work. In this article, we are going to tell about the function of this program.
Extraction of memory dumps from Windows Phone mobile devices
Windows phone
In order to create a full memory copy of such devices it is recommended to use the following methods:
It should be mentioned that:
Figure 1. Log of the locked memory chip analysis.
Password extracting
In order to extract a lock code, you need to open the “Oxygen Software Extractor” program and chose option « Windows Phone 8 JTAG image ».
Figure 2. Main window of the program “Oxygen Software Extractor”.
Locate the full memory copy of a mobile device and press “Next”
Figure 3. Selection of full memory copy of a mobile device.
In the next window, you need to check that the data is put correctly and if it is correct then press “Extract”.
Figure 4. Window of the input data validity check the “Oxygen Software Extractor” program.
After it the process of data extraction from the chosen dump will start.
Figure 5. The process of the dump extraction.
If the file that contains hash code is found in the full memory of the mobile device, the program «Passware Password Recovery Kit Mobile» will start automatically. It will decipher the hash and provide the deciphered data to the program “Oxygen Software Extractor”.
Figure 6. The process of password recovery via «Passware Password Recovery Kit Mobile».
When the data extraction is finished, the screen lock password will be shown in the section “Device information”.
Figure 7. Information about the detected screen lock password.
Conclusion.
An access to the “alive” data that is in the memory of a mobile device can be vital in the specific types of investigations. In this article, we have demonstrated the function of a screen lock password extraction from the full memory copy of the devices running Windows Phone operating system of the program “Oxygen Forensic Detective”.
References:
Authors:
Igor Mikhaylov & Oleg Skulkin
Save my name, email, and website in this browser for the next time I comment.
Δ
Speak to a Specialist Now
Get Help Now