But i think JTAg or chip off is not that easy way to do in every case. And your device could be damaged.
The pattern lock and/or the passcode of the device is stored in a secure part of the android file system. It's safed as a hash. I think it was a SHA-1.
When you get that data you easily can decode it and get your patternlock or passcode.
There are some solutions to extract physical data without having on USB-debugging. But every solution I know needs to get root rights.
So you need to get some information how to root the device you want to investigate.
There are some howtos describing the axtraction and finding the patternlock hash. Just google for it for more information.
But I think the hardest part is to get (forensic safe) root access.
As much as I know is that the forensic tools like EFED or XRY use a temporarly root-hack or exploit to get the root access. But I dont know if there are any changes to the system memory of the device.
Greets
Patrick
↧