Surface RT Acquisition – Instructions & Software

Surface-RT-with-cyan-coverAs of one month ago and to the best of our knowledge, there was no documented process for acquiring a forensic image of a Microsoft Surface RT device. The reason for this is there are two major challenges inhibiting standard acquisition techniques. #1 is the fact that in order for binaries to execute on the Surface RT they need to be signed by Microsoft and #2 is the Surface RT contains an ARM processor and therefore all binaries must be compiled specifically for the ARM.

Fortunately a “Jail Break” has been release for Surface RT devices which can enable unsigned code to execute on the Surface RT.

And now, Lock and Code have released a basic set of binaries and batch files to assist with acquiring the Surface RT. The “acquisition_tools” zip file along with a paper titled “Acquisition of Microsoft Surface RT” are available for download below. These resources along with the Jail Break and a suitably sized USB device are all you need to create a forensic image (E01) of the Surface RT.

 

 

Acquisition Tools v1.00
Acquisition Tools v1.00
acquisition_tools.zip
Version: 1.00
1.4 MiB
1698 Downloads
Details
Acquisition of Windows RT
Acquisition of Windows RT
LockCode_Acquisition_of_Microsoft_Surface_RT.pdf
Version: 1.01
974.4 KiB
5641 Downloads
Details