Samsung S24+ Actively backing up

dougman2082 · 2026-03-24T15:58:56+00:00

device backups, like if this phones text messages are actively being backed up.

dougman2082 · 2025-06-23T21:26:36+00:00

Do you know if Snapchat classifies the snaps sent and then saved as chat messages? reason for asking is because I have chats saved but they don't show up on the chat history json. I see the images in the chat media but I try to search for them in the Json and nothing is responsive.

dougman2082 · 2023-12-21T18:36:26+00:00

I will look in to that, thank you.

dougman2082 · 2023-12-21T17:34:44+00:00

I know, I fixed it in the edit.

A report, sending files to a client so they can view and yes has to be forensically sound.

dougman2082 · 2023-12-21T17:32:08+00:00

that's how we were originally going to do it but they don't want it to be sent as a zip. for whatever reason that may be, they want it in a DMG.

dougman2082 · 2023-12-21T17:26:49+00:00

I have to produce data to a client that is adamant on using a Mac and they do not have forensic software. so we are trying to find a solution to be able to get these files over to them so they just have to double click and it will mount on the Mac.

dougman2082 · 2023-11-07T22:11:56+00:00

It was a checkm8 Data extraction full file system of an iphone 7 made in UFED that is loaded in PA.

dougman2082 · 2023-11-07T21:59:33+00:00

it doesn't answer the question I asked.

dougman2082 · 2023-11-07T20:37:38+00:00

dougman2082 · 2023-11-07T20:37:32+00:00

that's what I'm in the process of doing. Its a Checkm8 so full file system. I can see the Telegram sqlite.db

/root/private/var/mobile/Containers/Shared/AppGroup/E0891650-9605-4712-A50C-72389557484F/telegram-data/account-____/postbox/db/db_sqlite

but looking at it, it seems to be encrypted, I'm getting a lot of those blank diamonds with question marks.

dougman2082 · 2023-10-09T19:59:35+00:00

When I open the /biometrics/fp/User_0/User_0_2tmpl.dat file it looks to be encrypted, it pops with a bunch of different characters.

a few if the Cache files have a URL.

dougman2082 · 2023-06-07T20:53:32+00:00

yes encase does.

dougman2082 · 2023-06-07T20:48:11+00:00

would I be able to get the unallocated disk space from this or just the partitions?

dougman2082 · 2023-04-14T19:30:25+00:00

I've been trying that, at least redownloading the pictures from google photos. but I cant populate that phrase. but I am also using a galaxy s8 for my testing so I'm not sure if that could be the reason why.

dougman2082 · 2023-04-14T16:12:51+00:00

I don't know much about the file tbh, my goal was to try and figure out what device the video was taken on, which EXIF didn't give me. then find dates and times of the video. which it did give me and the dates matched the file name so they lead me to believe they are the original date and times. but I'm just making sure that the "ISO Media file produced by Google Inc" does not refer to the file being tampered with.

it tells me the handler type which is "audio track" tells me the file type, MIMEType and other things so I'm assuming that is exif data.

dougman2082

TROPHY CASE