How To Recover Data After Factory Reset Android

A study conducted by the University of South Wales under the leadership of Prof. Andrew Blyth and Steve Mellings looks at data security when smartphones are reset to the factory state, based on the recommendations of BlackBerry, Apple and Android (HTC and Samsung), and at the effect on the possibility of recovering the data deleted from the device. For the investigation, structured data was stored on the devices before resetting them to the factory state, after which the smartphones were examined with forensic software for traces and residues of the old data.

The growth of the Internet and of network speeds has created new opportunities to create and store a variety of documents on mobile devices such as smartphones and tablets. This has allowed users to be productive in a more mobile way, but has also created many security concerns within organizations (BYOD). A wide variety of apps also allow users to control their in-house “IT”, be it regulating heating or online banking applications, or managing social profiles and status messages on Twitter, Facebook, Google or similar social networks.

Research points out that a lot of personal information can be found on smartphones purchased on the second-hand market; this data allows conclusions to be drawn about the user or user behavior. Although there are already use cases for forensic analysis software on smartphones, there are no best-practice recommendations for proper and residue-free data erasure on the smartphone itself. While there are countless studies of forensic techniques for data recovery on specific operating systems such as Windows, there has been no such study of reconstruction-proof data erasure when resetting a smartphone to factory settings. This has led to many problems in the past regarding the supposed ease with which data is recovered after resetting to the delivery state.

The aim of the study, which covered various 3G / 4G smartphone models, was thus to show users of these devices how they can destroy the personal information stored on them in a reconstruction-proof manner before they dispose of or resell the old devices. For the study, 24 smartphones from various manufacturers were examined, covering all common operating systems, including BlackBerry, iOS and Android OS.

| Smartphone make/model | Smartphone make/model |
| --- | --- |
| BlackBerry Bold Touch 9900 | BlackBerry Torch 9810 |
| BlackBerry Curve 8320 | BlackBerry Pearl 8120 |
| BlackBerry Curve 8900 | BlackBerry Torch 9800 |
| BlackBerry Curve 9320 | BlackBerry Pearl 8110 |
| BlackBerry Curve 8520 | BlackBerry 8800 |
| BlackBerry Curve 8310 | BlackBerry Pearl 9105 |
| BlackBerry Bold 9700 | Apple iPhone 3G |
| Apple iPhone 3GS | Apple iPhone 4 |
| Apple iPhone 4S | Apple iPhone 5 |
| Apple iPhone 5C | Apple iPhone 5S |
| HTC Wildfire | HTC Wildfire S |
| Samsung Galaxy Ace 2 i8160 | Samsung i8190 Galaxy S III Mini |
| HTC ChaCha | Samsung i9100 Galaxy S II |

Table 1 – Makes and Models of 3G/4G Devices

To rate how recoverable the data on each device was, the ADISA threat matrix was used. It contains a threat indicator and compromising methodologies of different categories. These labels were used as indicators for the forensic benchmark.

Risk level and categorization of compromising capability

| Risk level | Threat and compromise capability |
| --- | --- |
| 1 | Casual or opportunistic threat. Possibility of non-invasive attack scenarios through software attacks via freeware, operating system tools and COTS products. |
| 2 | Commercial data recovery companies using destructive or invasive software as well as destructive hardware attacks. |
| 3 | Commercial computer forensics companies that can perform invasive and non-destructive software and hardware attacks using COTS products. |
| 4 | Commercial computer forensic companies that can perform non-invasive / non-destructive, as well as invasive and destructive software and hardware attacks, using COTS products. |
| 5 | Government and law enforcement agencies with advanced technology and access to all types of software- and hardware-based attacks, with unlimited time and resources to recover deleted data. |

Methodology

Smartphones were checked for proper functionality during the study, after which the battery of each device was fully charged. A factory reset, i.e., resetting the smartphone to its factory default state, was then performed, followed by these steps:

  • A standardized forensic toolset was used to generate an identical image of the memory contents.
  • A SIM card was inserted into the device to ensure full 3G / 4G functionality. However, some devices had a SIM lock, so the following mobile providers were used for the study: O2, EE and Vodafone. The device was then switched on and a Wi-Fi network connection was established.
  • Data was loaded onto the device using the device's own internal applications:
      • Internal camera: a series of 25 predefined photos.
      • Internal camera: a series of 5 predefined videos.
      • 10 predefined contacts, created with the device’s contact manager.
      • 10 appointments, each 1 hour long.
      • Internal SMS / MMS messaging: a series of 10 predefined messages that were sent and received.
      • Internal phone book: a series of 5 predefined entries / calls.
      • A browser history, created via Wi-Fi by running a Google search with two predefined search queries.
      • WAV audio files, transferred from a computer to the smartphone and played back for consistency checks.
  • After all data had been recorded on the smartphone, the devices were switched off and on again. Immediately afterwards, forensic images were created and checked to see whether all the recorded device data could be found in the image.
  • Each device was then reset to its factory settings according to the manufacturer’s guidelines.
  • After the reset, a forensic image of each smartphone was created again and analyzed with:
      • Cellebrite UFED Physical Analyzer version 3.8.7.7
      • File carving with Blade version 1.9.12045.05

Checking for the existence of the following file types:

  • Pictures / Video, Calendar, Contacts, Audio, SMS/MMS and Phonebook.

Data mining for the following file types:

  • Pictures / Video, Calendar, Contacts, Audio, SMS/MMS and Phonebook.

Analysis of the following file types:

  • Compressed files (GZIP, RAR and ZIP), file types (PDF and RTF), email data (Outlook and Microsoft Mail), Microsoft Office (2003 and 2007).
  • Audio data (MP3 and WAV), videos (Flash, AVI, MPEG and Windows Media), Internet (HTML and XML).
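The kind of residue check the study ran on the post-reset images can be illustrated with a small signature scanner. This is an added example, not code from the study or from the Cellebrite or Blade tools; the function names, the signature list and the sample image are constructed for illustration, and SQLite is included on the assumption that the contact and message stores of interest are SQLite databases.

```python
import re

# Header signatures for file types named in the study's checks, plus SQLite
# (assumed container for contact and SMS stores).
PATTERNS = {
    "jpeg": re.compile(rb"\xff\xd8\xff[\xdb\xe0\xe1]"),
    "pdf": re.compile(rb"%PDF-"),
    "zip": re.compile(rb"PK\x03\x04"),
    "gzip": re.compile(rb"\x1f\x8b\x08"),
    "rar": re.compile(rb"Rar!\x1a\x07"),
    "rtf": re.compile(rb"\{\\rtf1"),
    "wav": re.compile(rb"RIFF.{4}WAVE", re.DOTALL),
    "sqlite": re.compile(rb"SQLite format 3\x00"),
}

def find_residue(image: bytes) -> dict:
    """Return {file_type: [offsets]} for every signature found in the image."""
    hits = {}
    for name, pattern in PATTERNS.items():
        offsets = [m.start() for m in pattern.finditer(image)]
        if offsets:
            hits[name] = offsets
    return hits

def carve_jpegs(image: bytes, max_size: int = 8 << 20) -> list:
    """Cut out header-to-footer JPEG candidates (contiguous files only)."""
    carved = []
    for start in find_residue(image).get("jpeg", []):
        end = image.find(b"\xff\xd9", start + 4, start + max_size)
        if end != -1:
            carved.append(image[start:end + 2])
    return carved

def blank_ratio(image: bytes, block: int = 4096) -> float:
    """Fraction of blocks that are uniformly 0x00 or 0xFF (erased flash)."""
    blocks = [image[i:i + block] for i in range(0, len(image), block)]
    blank = sum(1 for b in blocks if b[0] in (0x00, 0xFF) and b.count(b[0]) == len(b))
    return blank / len(blocks) if blocks else 1.0

def build_sample_image() -> bytes:
    """Constructed 64 KiB image: erased flash with two leftovers planted in it."""
    img = bytearray(b"\xff" * 65536)
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x11" * 32 + b"\xff\xd9"
    img[4096:4096 + len(jpeg)] = jpeg
    img[20480:20480 + 16] = b"SQLite format 3\x00"
    return bytes(img)

if __name__ == "__main__":
    image = build_sample_image()
    print(find_residue(image), len(carve_jpegs(image)), blank_ratio(image))
```

An image in which `find_residue` returns an empty dictionary and `blank_ratio` is close to 1.0 corresponds to a "No" in the results table; any hit means recognizable file headers survived the reset.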

Image creation process

An image of each device was created following strict rules, and each device was handled in compliance with forensic standards. For image generation, Cellebrite UFED (version 2.2.5.4) was used with the respective device-specific data interface. The UFED device was connected to a PC running Windows 7 via a USB port. It was operated as a client and delivered the data from the smartphone to the imaging software on the PC (UFED Logical Analyzer 3.8.7.7). The UFED device was operated with a write blocker that prevented data from being written to the smartphone during the imaging process. Wherever possible, the devices were physically imaged; where this was not possible, a logical image of the device was created.

Results:

| Smartphone manufacturer + model | Type of image creation | Data restored (Yes / No) |
| --- | --- | --- |
| BlackBerry Bold 9900 | Physical | No |
| BlackBerry Torch 9810 | Physical | No |
| BlackBerry Pearl 8120 | Physical | No |
| BlackBerry Curve 8900 | Physical | No |
| BlackBerry Curve 8320 | Physical | No |
| BlackBerry Torch 9800 | Physical | No |
| BlackBerry Curve 9320 | Logical | No |
| BlackBerry Pearl 8110 | Physical | No |
| BlackBerry 8800 | Logical | No |
| BlackBerry Curve 8310 | Physical | No |
| BlackBerry Pearl 9105 | Physical | No |
| Apple iPhone 3G | Physical | No |
| Apple iPhone 3GS | Physical | No |
| Apple iPhone 4 | Physical | No |
| Apple iPhone 4S | Physical | No |
| Apple iPhone 5 | Physical | No |
| Apple iPhone 5S | Physical | No |
| Apple iPhone 5C | Physical | No |
| Samsung i8160 | Physical | Yes |
| Samsung i8190 | Physical | Yes |
| HTC Wildfire S | Physical | Yes |
| HTC Wildfire | Physical | Yes |
| HTC ChaCha | Physical | Yes |
| Samsung i9100 Galaxy S2 | Physical | Yes |

The data that could be recovered after resetting the Android devices to factory defaults includes the following:

  • Phonebook entries and contacts
  • SMS, MMS and IM
  • Calendar
  • Call logs
  • Pictures / videos and music
  • Apps

Result and conclusion

In summary, it can be stated that when smartphones from the manufacturers BlackBerry and Apple are reset to factory settings, data previously stored on the device is deleted in a reconstruction-proof manner. This is to an extent that no file fragments will be found even when using forensic tools, such as those used by law enforcement agencies in Germany. Any possibility of recovery, no matter how theoretical, can be completely ruled out. Speculatively, the better performance of these two manufacturers can be attributed to the fact that both manufacturers’ software and hardware have special chip-level functions that ensure that old data is deleted without leaving any residue and cannot be restored.

The situation is somewhat different for smartphones with Android operating systems. In this case, the study was able to reconstruct data even after resetting the smartphone to its factory settings. It was also found that even resetting a smartphone to factory settings several times is not enough to completely delete all data. We can only speculate why this is the case. The most likely theory is that Android is an operating system that runs on very different hardware platforms and chip technologies. Thus, Android developers are not able to integrate their software platform, or elementary parts of it, into the hardware platform. This also means that the functions required for residue-free deletion in the reset process cannot be implemented.

Application examples – advice for customers who want to securely erase their smartphones

The question of secure smartphone data erasure always comes at the end of a device’s usage cycle. The biggest problem here, however, is how to determine whether or not the data is completely erased when a factory reset is performed.

When disposing of BlackBerry and Apple smartphones, a factory reset can be considered a perfectly acceptable solution for secure personal data erasure. For Android smartphones, it is advisable to look for alternative and secure forms of smartphone data erasure, either through specialized Android smartphone data erasure software or through the physical destruction of the device itself. In this case, the software provider or service provider should have liability insurance against product defects, and the company should offer a detailed way to audit and document the erasure process.

When it comes to the physical destruction of smartphones, there is one environmental, health and safety aspect that must be taken into account: the battery. This should be taken into account when making offers as well as when asking customers. So before you get the idea to lay your own hands on the smartphone to destroy it in a do-it-yourself process, you should talk to experts beforehand.

For higher volumes, e.g. for large-scale disposal projects in the corporate sector, the same logical requirements apply as described above, with the small difference that a tracking procedure for the individual devices should be implemented to ensure that a factory reset, or a deletion via third-party providers, has been carried out on all devices and that none has been forgotten. It is advisable to use specialized companies to enable a controlled collection of the devices, audit them and then perform the data erasure on all devices. Regardless of the operating system, these devices are inventoried using the IMEI number within these processes and documented accordingly in the subsequent certificate for secure data erasure.

Before you sell your Android device, you should definitely remove all data. We explain how to make recovery impossible.

  1. Android: preparation for data destruction
  2. Encrypt files
  3. Reset device to factory settings
  4. Overwrite free memory
  5. Reset as a repair measure
  6. Android: Create a backup in advance

Few devices contain as many sensitive and private files as a smartphone. Whether photos, videos or audio recordings, no one wants to run the risk of these files falling into the wrong hands. However, simply resetting your device can’t guarantee that the new owner won’t be able to restore the contents. You need to take additional measures to securely erase your files.

Before selling or disposing of a device, all data should be thoroughly erased from its disks. Simply formatting the hard drive or deleting individual files is not enough here. If you really want to play it safe, you should use special tools for consistent data destruction.

Android: Preparation for data destruction

In this guide, we’ll show you how to do that. In the next sections, we explain how to reset your device to factory settings. However, we recommend that you create a backup beforehand; you can learn how to perform a comprehensive backup of your Android device in the instructions at the end of this article. If you have already created a backup, you can start removing the data by following the instructions below step by step, starting with encrypting your files.

Important for older Android versions: Since Android 6.0 Marshmallow, the encryption of data stored on Android devices is enabled by default. If you are using an older Android version on your device, you should enable this feature yourself to make it more difficult to recover your data.

Encrypt files

  1. Open the settings on your smartphone and tap on the menu item “Security”. Now scroll down to the item “Encrypt phone” and open it.
  2. Tap “Encrypt phone” twice in succession to activate the data protection feature. Note that you should always leave the power adapter connected during encryption.

Resetting the device to factory settings

  1. Now it is time for the factory reset. You can usually find the corresponding setting under the menu item “Backup and reset” in the settings of your Android device.
  2. Tap on “Factory reset” and then on “Reset phone”. Depending on the manufacturer, the path for the factory reset may differ slightly.
  3. All settings and files on your phone or tablet will be deleted. During the process, the device will restart automatically.

Overwrite free memory

  1. After the internal memory of your Android device has been wiped and the reboot is complete, you will find yourself in the initialization screen. Set up the device again with your Wi-Fi access and Google account.
  2. Now download the free iShredder app. Open the app and tap directly on “Start”. Of course, you can also use other apps that guarantee secure data deletion.
  3. Click on “Free” in the iShredder app. Then tap “Next” several times and grant the app the appropriate permissions, if requested.
  4. Finally, you will get to the overwrite method prompt. Here, scroll down to “3 rounds: US AR380-19” and finally click on “Shred”. Repeat this process several times if necessary. The process can take quite a while depending on the size of your memory.
  5. After the overwriting process is complete, reset the phone as described in step 2 without setting up the device again.
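What a multi-pass free-space overwrite does at the file-system level is sketched below as an added example; it is not iShredder's code, and the function name, the three pass patterns and the `limit` parameter are assumptions made for illustration. On flash storage, wear leveling and spare blocks mean such a fill only reaches the space the file system can address, which is why the procedure above encrypts the device before resetting it.

```python
import errno
import os
import tempfile

def overwrite_free_space(directory, passes=(b"\x00", b"\xff", None),
                         chunk=1 << 20, limit=None):
    """Fill the free space under `directory` once per pass, then delete the filler.

    A pass value of None means random bytes (pattern choice is illustrative).
    `limit` caps the bytes written per pass, e.g. for a dry run; with
    limit=None each pass runs until the volume reports that it is full.
    Returns the number of bytes written in each pass.
    """
    written = []
    for pattern in passes:
        fd, path = tempfile.mkstemp(prefix="wipe_", dir=directory)
        total = 0
        try:
            with os.fdopen(fd, "wb", buffering=0) as filler:
                while limit is None or total < limit:
                    size = chunk if limit is None else min(chunk, limit - total)
                    data = os.urandom(size) if pattern is None else pattern * size
                    try:
                        total += filler.write(data)
                    except OSError as exc:
                        if exc.errno != errno.ENOSPC:
                            raise
                        break  # volume is full: this pass is complete
                os.fsync(filler.fileno())  # push the data out of the page cache
        finally:
            os.remove(path)  # release the space again before the next pass
        written.append(total)
    return written

if __name__ == "__main__":
    # Dry run in a scratch directory, capped at 4 MiB per pass.
    with tempfile.TemporaryDirectory() as scratch:
        print(overwrite_free_space(scratch, limit=4 << 20))
```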

Reset as a repair measure

If you only have problems with your Android smartphone and do not want to sell it, a factory reset is also an option. Just take a look at our tutorial on this topic.

Android: Create a backup in advance

Before you delete all data from your device, you should create a backup for yourself in case you still want to use the data for some reason or restore it on another device.
