Hi!
I am currently trying to see how it is possible to analyse a windows RT Surface. First, I must thank you for the tools you created. I succesfully used them to acquire the tablet I have.
However, I must confess that I am a bit puzzled regarding the utility of acquiring the physical drive: True, that is a real forensic acquisition. But as the main partition is crypted, I can not manage to recover any personnal data.
By the way, I am very confused with this crypting: the tablet I use to make the test does not have any password set, and bitlocker is not activated (no key can be recovered).
I tried recovering erased data from the drive C, with very few success. I still managed to recover one file, which proves that finding erased files is not a completly lost cause.
I am now trying other way to access the date, as jailbreaking plus connecting the device to internet is something I do not like. I still do not know what to do without the password or if we encounter a windows RT 8.1.
I am trying to but the tablet in the EFI directly and see what can be done from there, but it does not seems to work.
I was also thinking about desoldering the eMMC chip and analysed directly what's inside. But if I can not uncypher the C: partition, it would be useless.
Is there anyone who managed to boot on another OS from a USB drive? It seems to be possible, but I havent't yet managed to do it.
↧