Have you ever had a mobile device just drop dead and stop working for you? If so, you probably took it to a mobile repair shop, where someone looked at it and said they could repair your device, but the data saved on it would be lost forever. Sound familiar?
Maybe you went for a second opinion by trying a different place where they told you that with their high-tech, super amazing forensic software, they could retrieve the data, but it would be costly. By this time, you probably started wondering if the data could be recovered and if it is a complicated process.
The truth is that there is no solid answer for any of these. However, there are nuances that you should be aware of that could help you sometime in the future if your mobile device ups and dies on you for no apparent reason.
It is important to start by pointing out that there are several different possible failure types with mobile devices. The upside is that, for the most part, there are just two factors that play a vital role in the data recovery process. That’s right, it comes down to just two.
- Factor 1: Era before FBE (File Based Encryption)
- Factor 2: Era after FBE (File Based Encryption)
File Based Encryption
File-based encryption is a method where every file on the partition has its own encryption key. This happens to be a far more secure method of encryption, permitting different levels of user access and keeping deleted data from being recovered.
Now that you have that knowledge, let’s take a short trip back in time and learn a little more about when manufacturers first introduced these methods.
Android
Android began supporting file-based encryption in Version 7.0 and became enforced by default in Version 10. To encourage users to use the feature, Android devices running Versions 7 to 9 came equipped with FBE. At that time, users had the choice to implement full-disk encryption or file-based encryption.
iPhone
According to Apple, the iPhone 4 was the last time FBE was not being used by their devices.
What this boils down to is that either Android or Apple devices with FBE enforced render data recovery impossible.
Ah, but there are exceptions.
Exception #1
- When your device is not suffering from any form of software corruption.
Exception #2
- When your device experiences a power issue with the circuitry, it is an easy fix for a repair shop that is higher tier than your typical one or from an actual data recovery center.
A Little-Known Secret
The phrase “data recovery is impossible” is not what you want to hear; I know that. So, here’s my follow-up question to that statement:
“How do the FBI and Police recover data from mobile devices?”
I’m going to tell you that they can’t. They cannot retrieve deleted or factory reset data from phones. Hinting that they can do this is nothing more than a scare tactic or random propaganda.
They can do this, though: the FBI or Police can subpoena the cell carrier, cloud storage providers (think Google Drive, iCloud, and others), and social media entities to hand over data that they have in storage. This is the real way most of these agencies “recover” data. They can also brute-force passcodes on all but the newest phones using tools like Graykey or Cellebrite.
Oh, but don’t worry. These tools will give them access to data but only data that has not been deleted.
Chip Off Forensics
If you know about chip-off forensics, you may think data recovery is possible. For those unaware of chip-off forensics, it is a method where chips from the PCBs ((Printed Circuit Boards) are removed to dump data. It’s actually a question we get asked here a lot at Aesonlabs. I would ‘guesstimate’ that I hear the question about chip-off forensics daily.
Thanks to FBE, chip off forensics has become irrelevant in the data recovery industry.
DIY Recovery
Before FBE was enforced, you could recover deleted files from Android devices in several ways. The best part is that this was possible with your computer, and you did not need to turn to a data recovery specialist for assistance. All you required to complete this was patience and some basic computer knowledge. It wasn’t all that hard back in the day.
But don’t just believe what I’m telling you here. Why not do a little investigating on your own about this? I’ll help you go in the right direction with the following article. It will take you to a comprehensive tutorial on making a sector-by-sector copy from an Android phone’s internal memory storage.
Beware of the scam
Now, circle back to what I was saying at the beginning of this article. Yes, there are plenty of places that will tell you they have the tools, software, hardware, and expertise to bypass or decrypt anything encrypted on a mobile device. They will tell you incredible stories about how they cracked codes and popped open secret doors or whatever they had to do to salvage deleted files.
The fact is that these so-called experts are nothing more than scam artists.
Read that line one more time. Don’t get sucked in by the promise from a slick salesperson convincing you that deleted files on a phone are an easy recovery job. Especially if you happen to have a reasonably recent phone. Older devices can be manipulated to cough up deleted files, but not in every case.
Reviews are not what they seem
Okay, let’s look at the 5-star rating system you may encounter when investigating one of these so-called data recovery experts. You will surely see several 5-star reviews and heaps of praise crediting the company with saving files that “I thought were lost forever” or something like that. Yes, it will sound impressive. It will look amazing on any expensive-looking, slick website.
However, what you may not know is that there are freelancers out there who are paid to post such reviews on these services to help give them an excellent online reputation. So, tread lightly when you encounter positive reviews on Google, social media, or websites and when you are researching a company that claims it can recover deleted cell phone files.
If you aren’t sure, or your spidey senses are telling you something, there is a way to find out more about who the scam artists are, which should assist you in weeding out the “experts” to avoid. The website Scam Adviser is a good, legitimate source through which to filter your choices. Not only will they help you identify a scammer, but if you have, for some reason, been taken advantage of by one, you can report it. This will help alert others and keep them from falling into a trap.
Another good source of information is the Better Business Bureau, which promotes good business operators and exposes some bad ones you don’t want to get involved with.
The Bottom Line
As is always the case, if something sounds too good to be true, it probably isn’t true. Don’t be fooled by someone who makes a grand promise and tugs at your heartstrings. Sure, it may be a massive deal to recover those photos you did not save to the Cloud or backup in some other way that somehow got deleted. With File Based Encryption (FBE), recovery is usually impossible.
I’m sorry to break that news to you, but you need to know it, and I’d rather you get that news from me than someone who turns around and scams you and produces no results after you have paid a lot on nothing more than a fake promise.
About the author
Yevgeniy Kapishon is a hardcore techno enthusiast, senior data recovery engineer, and blogger at ADRS® Aesonlabs Data Recovery Systems. He lives in Toronto, Canada, and likes to wander the back alleys of his neighborhood or watch his favorite sci-fi flicks in his free time.
Want a heads-up whenever a new article drops? Subscribe here
