Recovery Mode of a Samsung Galaxy

By using the volume up button and the power button of a Samsung Galaxy, you can get into the recovery modus.  As soon as the Androidlogo apears and the touchscreenlits up, you must touch the left button (next to the home button) 

The screen will darken and after a few seconds you will get menu-options, which you can select by using the volume up and down buttons. 

You can navigate to “wipe data/factory reset”.

For security reasons you have to confirm by navigating to : “Yes **  Delete al user data”

One would expect after a wipe data, there will be no data left to be found. 

Never the less there is a lot to be found!

After the above mentioned factory reset, we imaged the phone using the UFED Touch. 

A full physical image was made (there was no micro SD Card in this phone. 

After the extraction of the phone we found there where at least pictures to be found. 

The image was looked at in Winhex.

Here we saw there where traces of Whatsapp to be found. 

Whe mounted the image and saw multiple user-folders, containing user-data. 

The folder DCIM/Camera/ contained pictures and movies. 

The folder Whatsapp/Database/ contained several whatsapp databases, containing chat history. 

Using Belkasoft Evidence Center, we investigated traces of other use of the phone. we found traces of the use of Twitter, Kik, Whatsapp, Facebook and SMS. 

After a factory reset there might be traces to be found....If it is important, be sure you wipe the device properly.