Forensic analysis of HiSuite backups

Extracting data from Android devices gets harder every day, sometimes even harder than from an iPhone. Igor Mikhailov, a specialist at the Group-IB Computer Forensics Laboratory, explains what to do if you cannot extract data from an Android smartphone using standard methods.

A few years ago, my colleagues and I discussed trends in the development of security mechanisms in Android devices and concluded that a time would come when their forensic examination would be harder than that of iOS devices. Today we can say with confidence that this time has come.

I recently examined a Huawei Honor 20 Pro. What do you think we managed to extract from its backup obtained with the ADB utility? Nothing! The device is full of data: call information, phone book, SMS, instant messages, e-mail, multimedia files, etc. And you cannot extract any of it. An awful feeling!

What should you do in such a situation? A good solution is to use proprietary backup utilities (Mi PC Suite for Xiaomi smartphones, Samsung Smart Switch for Samsung, HiSuite for Huawei).

In this article we look at creating a backup of a Huawei smartphone and extracting its data with the HiSuite utility, and then analyzing that backup with Belkasoft Evidence Center.

What types of data are included in HiSuite backups?

The following types of data are included in HiSuite backups:

  • data about accounts and passwords (or tokens)
  • contacts
  • calls
  • SMS and MMS messages
  • e-mail
  • multimedia files
  • databases
  • documents
  • archives
  • application files (files with the extensions .odex, .so, .apk)
  • information from applications (such as Facebook, Google Drive, Google Photos, Google Mails, Google Maps, Instagram, WhatsApp, YouTube, etc.)

Let us look in more detail at how such a backup is created and how it can be analyzed with Belkasoft Evidence Center.

Creating a backup of a Huawei smartphone with the HiSuite utility

To create a backup with the proprietary utility, download it from the Huawei website and install it.

HiSuite download page on the Huawei website:

To pair the device with the computer, HDB (Huawei Debug Bridge) mode is used. Detailed instructions on how to enable HDB mode on your mobile device are available on the Huawei website and in the HiSuite program itself. After enabling HDB mode, open the HiSuite app on your mobile device and enter the code it displays into the window of the HiSuite program running on your computer.

Code entry window in the desktop version of HiSuite:

During the backup process you will be asked to enter a password, which will be used to protect the data extracted from the device's memory. The backup that is created will be located at C:/Users/%User profile%/Documents/HiSuite/backup/.

Backup of the Huawei Honor 20 Pro smartphone:

Analyzing a HiSuite backup with Belkasoft Evidence Center

To analyze the resulting backup with Belkasoft Evidence Center, create a new case. Then select Mobile image as the data source. In the menu that opens, specify the path to the directory where the smartphone backup is located and select the info.xml file.

Specifying the path to the backup:

In the next window, the program prompts you to select the types of artifacts you need to find. After starting the scan, go to the Task Manager tab and click the Configure task button, because the program is waiting for the password to decrypt the encrypted backup.

The Configure task button:

After decrypting the backup, Belkasoft Evidence Center will ask you to specify again the types of artifacts to extract. Once the analysis is complete, information about the extracted artifacts can be viewed on the Case Explorer and Overview tabs.

Results of analyzing the Huawei Honor 20 Pro backup:

Analyzing a HiSuite backup with Mobile Forensic Expert

Another forensic program that can be used to extract data from a HiSuite backup is Mobile Forensic Expert.

To process the data stored in a HiSuite backup, click the Import backups option in the main program window.

Fragment of the main window of Mobile Forensic Expert:

Or, in the Import section, select Huawei backup as the type of data to import:

In the window that opens, specify the path to the info.xml file. When you start the extraction, a window appears asking you either to enter the known password to decrypt the HiSuite backup or to use the Passware tool to try to guess the password if it is unknown:

The result of analyzing the backup is a Mobile Forensic Expert window showing the types of extracted artifacts: calls, contacts, messages, files, event feed, application data. Note the amount of data this forensic program extracted from the various applications. It is simply huge!

List of data types extracted from the HiSuite backup in Mobile Forensic Expert:

Decrypting HiSuite backups

What should you do if you do not have these fine programs? In that case, a Python script developed and maintained by Francesco Picasso, an employee of Reality Net System Solutions, will help. You can find the script on GitHub, and a more detailed description of it is in the article "Huawei backup decryptor".

A decrypted HiSuite backup can then be imported into and analyzed with classic forensic utilities (e.g. Autopsy) or examined manually.
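
Before a decryptor or a forensic tool touches the backup folder, it helps to record what the folder contained. The sketch below is an added example, not part of the original article or of any tool named in it: it checks that a folder has info.xml at its root, hashes every file, and reports the differences between two such manifests. Every file name other than info.xml is constructed for the demo.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large media files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(backup_dir):
    """Map relative path -> (size, sha256) for every file under backup_dir."""
    if not os.path.isfile(os.path.join(backup_dir, "info.xml")):
        raise ValueError("info.xml not found: not the root of a HiSuite backup")
    manifest = {}
    for root, _dirs, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, backup_dir).replace(os.sep, "/")
            manifest[rel] = (os.path.getsize(full), sha256_file(full))
    return manifest

def diff_manifests(before, after):
    """Return the files added, removed or modified between two manifests."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }

def demo():
    # Constructed stand-in for a backup folder; contents are placeholders.
    sample = {"info.xml": b"<info/>", "sms.db": b"blob-1", "media/pic.enc": b"blob-2"}
    with tempfile.TemporaryDirectory() as d:
        for rel, data in sample.items():
            path = os.path.join(d, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        before = build_manifest(d)
        with open(os.path.join(d, "sms.db"), "ab") as f:
            f.write(b"!")  # simulate a tool altering the working copy
        return diff_manifests(before, build_manifest(d))

if __name__ == "__main__":
    print(demo())
```
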

Conclusions

Thus, with the HiSuite backup utility you can extract an order of magnitude more data from Huawei smartphones than when extracting data from the same devices with the ADB utility. Despite the large number of mobile forensics utilities, Belkasoft Evidence Center and Mobile Forensic Expert are among the few forensic programs that support the extraction and analysis of HiSuite backups.

Sources

  1. Android Phones Are Harder to Crack Than iPhones, According to a Detective
  2. Huawei HiSuite
  3. Belkasoft Evidence Center
  4. Mobile Forensic Expert
  5. Kobackupdec
  6. Huawei backup decryptor
  7. Autopsy

Source: www.habr.com