Mobile forensics TIPS [Knowledge Sharing]


Re: Mobile forensics TIPS [Knowledge Sharing]

Post Posted: Fri Jan 18, 2013 11:36 pm

What's the name of the Python script that can parse Ms_del.dat?

Is there any sort of event log file in the Nokia and Android devices? And where can you find it?

CopyRight
Senior Member
 
 
  

Re: Mobile forensics TIPS [Knowledge Sharing]

Post Posted: Mon Jan 21, 2013 3:32 am

- CopyRight
What's the name of the Python script that can parse Ms_del.dat?


You would need to write one; the script which TomP refers to is not in the public domain. Do some reverse engineering on the file and I'm sure you can pull together your own script for the job.
_________________
Colin Mortimer
AirWatch 

Coligulus
Senior Member
 
 
  

Re: Mobile forensics TIPS [Knowledge Sharing]

Post Posted: Mon Jan 21, 2013 5:46 am

- CopyRight
What's the name of the Python script that can parse Ms_del.dat?

Is there any sort of event log file in the Nokia and Android devices? And where can you find it?


Samsung Android devices have a log of SMS/MMS messages with the call entries that a lot of tools don't seem to extract; they are stored in the logs.db file with the calls. HTC devices store their calls in the contacts2.db file. I haven't analysed an HTC for a little while so can't say this hasn't changed, but the event log did appear to be something only found on the Samsung devices. I can't comment on other makes as I haven't had them to analyse off the top of my head.

Nokia Symbian devices have an event log and, off the top of my head, this is extracted with XRY, Cellebrite and Oxygen. For Series 40 Nokias, the Message Recipients Log (MRL) can be extracted by Oxygen. Remember, the MRL means the message was sent from the handset but may not guarantee that the intended recipient received it.

TomP
Member
 
 
  

Re: Mobile forensics TIPS [Knowledge Sharing]

Post Posted: Mon Jan 21, 2013 5:49 am

- Coligulus


You would need to write one, the script which TomP refers to is not in the public domain. Do some reverse engineering on the file and I'm sure you can pull together your own script for the job.


Apologies for not being clearer; you will have to write your own for this, but it should be fairly straightforward. As Coligulus states, a bit of reverse engineering should see you with a working script. As I said though, off the top of my head, Series 40 3rd Edition had something different about them that required a variation on the script. If you have a few handsets, make some test data and go from there.

TomP
Member
 
 
  

Re: Mobile forensics TIPS [Knowledge Sharing]

Post Posted: Mon Jan 28, 2013 1:07 am

Oh, well done guys. The thing I face most in mobile forensics is the capability of knowing if the device was wiped or restored, and the date of that event.

Are there any files I should keep on looking at? I know it differs in different phones.

CopyRight
Senior Member
 
 