Deleted BBM extraction from physical or chip-off


Re: Deleted BBM extraction from physical or chip-off

Post Posted: Fri Nov 16, 2012 3:49 pm

Thanks Ron,

How long does the decoding/decryption usually take if strong encryption and password protection are turned on (from a chip-off image)? Doesn't it have to brute-force the password or key?

mobileterry
Newbie
 
 
  

Re: Deleted BBM extraction from physical or chip-off

Post Posted: Sat Nov 17, 2012 3:47 am

It depends on many factors and will not always work.
See PM  

RonS
Senior Member
 
 
  

Re: Deleted BBM extraction from physical or chip-off

Post Posted: Thu Nov 22, 2012 5:31 am

Gregg,

To answer your question I think that you will have no luck getting anything back if the device has had the passcode entered incorrectly X times and caused a wipe to commence.

I had this same issue with a customer who gave me 12 variations of a password to try. Obviously I was only going to be able to try 10 of those, so, after prioritising the list of 12, 10 passwords were entered, each of which was unsuccessful. The device commenced the wiping operation. I attempted to remove the battery and replace it, but the wiping continued once the battery was replaced.

After this I took a physical acquisition using UFED and got absolutely nothing back. It is my understanding that the wipe operation doesn't just replace the file system but actually zeros out the memory space first.

If my memory serves me correctly it was an 8520 which I did this on.

Colin
_________________
Colin Mortimer
AirWatch 

Coligulus
Senior Member
 
 
  

Re: Deleted BBM extraction from physical or chip-off

Post Posted: Thu Nov 22, 2012 7:12 am

Thanks Colin, appreciate your reply. You are confirming, with the model you tested, that what the early report wrote about BB's on-board security-enabled wipe capability is still relevant today.
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup 

trewmte
Senior Member
 
 