6Ara
What can forensic analysts extract from a fully encrypted phone? [closed]
I was very disappointed to hear that my friend, who had his Android phone seized not too long ago, has had his phone broken by police forensics.
As far as I know, it was a few years old, Samsung, and had a 20-digit password.
It seems that encryption meant nothing, however, as he has received court documents notifying him that the police used Cellebrite to perform a 'full file disk extraction'.
It seems that the encryption on his fully updated phone has been broken.
Questions:
With this type of extraction, can forensic analysts get his device password from the dump, in plain text?
Full file disk encryption means more than just an image of the device, right? Everything should be assumed to be compromised at this point, correct?