My answer is a mix between "it depends" and "most likely not". Why? FTK does not do any mobile device extraction, so it can only work with what it is given. FTK parses the artifact data of what was extracted through solutions like Cellebrite's UFED or Grayshift's Graykey. So if it is an allocated file only extraction, there is very little to carve out (more on that later). Also, most phones use file based encryption. This means that when a file is deleted, so is the pointer, and the decryption key that is used to make the file visible. That creates a major hurdle in recovering files that require carving even on a physical extraction. It depends, because FTK's carving can recover embedded files. In the mobile space this could be something "deleted" or hidden in a database or other file. Rare... but that is the "it depends"
can we recover deleted data from mobile phones using this soft
My answer is a mix between "it depends" and "most likely not". Why?
FTK does not do any mobile device extraction, so it can only work with what it is given. FTK parses the artifact data of what was extracted through solutions like Cellebrite's UFED or Grayshift's Graykey. So if it is an allocated file only extraction, there is very little to carve out (more on that later). Also, most phones use file based encryption. This means that when a file is deleted, so is the pointer, and the decryption key that is used to make the file visible. That creates a major hurdle in recovering files that require carving even on a physical extraction.
It depends, because FTK's carving can recover embedded files. In the mobile space this could be something "deleted" or hidden in a database or other file. Rare... but that is the "it depends"