Mobile forensics TIPS [Knowledge Sharing]
Re: Mobile forensics TIPS [Knowledge Sharing]
Posted: Fri Jan 18, 2013 11:36 pm
What's the name of the Python script that can parse Ms_del.dat?
Is there any sort of event log file in the Nokia and Android devices? And where can you find it?
-
CopyRight - Senior Member
Re: Mobile forensics TIPS [Knowledge Sharing]
Posted: Mon Jan 21, 2013 3:32 am
- CopyRight
What's the name of the Python script that can parse Ms_del.dat?
You would need to write one, the script which TomP refers to is not in the public domain. Do some reverse engineering on the file and I'm sure you can pull together your own script for the job.
_________________
Colin Mortimer
FishNet Security
-

Coligulus - Senior Member
Re: Mobile forensics TIPS [Knowledge Sharing]
Posted: Mon Jan 21, 2013 5:46 am
- CopyRight
What's the name of the Python script that can parse Ms_del.dat?
Is there any sort of event log file in the Nokia and Android devices? And where can you find it?
Samsung Android devices have a log of SMS/MMS messages with the call entries that a lot of tools don't seem to extract; they are stored in the logs.db file with the calls. HTC devices store their calls in the contacts2.db file. I haven't analysed an HTC for a little while so can't say this hasn't changed, but the event log did appear to be something only found on the Samsung devices. I can't comment on other makes as I haven't had them to analyse off the top of my head.
Nokia Symbian devices have an event log and off the top of my head this is extracted with XRY, Cellebrite and Oxygen. For Series 40 Nokias, the Message Recipients Log (MRL) can be extracted by Oxygen. Remember, the MRL means the message was sent from the handset but may not guarantee that the intended recipient received it.
-

TomP - Member
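A manual check for the point above about message entries sitting beside calls in logs.db, as an added example that is not part of the original thread or any poster's script: it opens a working copy of an SQLite file read-only and reports each table's columns, row count and any message-like column names. The sample database, its table and column names, and the keyword list are constructed assumptions, not the real Samsung schema.

```python
import sqlite3
import tempfile
from pathlib import Path

# Column-name fragments that suggest message data (an assumption, adjust per device).
MESSAGE_HINTS = ("content", "subject", "body", "msg", "sms", "mms")


def open_readonly(db_path):
    """Open a working copy of the database without permitting writes."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)


def survey(db_path):
    """Return {table: {"columns": [...], "rows": n, "message_like": [...]}}."""
    report = {}
    con = open_readonly(db_path)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' "
            "AND name NOT LIKE 'sqlite_%' ORDER BY name")]
        for table in tables:
            quoted = '"' + table.replace('"', '""') + '"'
            cols = [r[1] for r in con.execute(f"PRAGMA table_info({quoted})")]
            rows = con.execute(f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
            hits = [c for c in cols if any(h in c.lower() for h in MESSAGE_HINTS)]
            report[table] = {"columns": cols, "rows": rows, "message_like": hits}
    finally:
        con.close()
    return report


def build_sample(path):
    """Constructed stand-in for logs.db; table and column names are hypothetical."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE logs (_id INTEGER PRIMARY KEY, number TEXT, "
                "date INTEGER, duration INTEGER, entry_kind TEXT, msg_content TEXT)")
    con.executemany(
        "INSERT INTO logs (number, date, duration, entry_kind, msg_content) "
        "VALUES (?, ?, ?, ?, ?)",
        [("5550100", 1358500000000, 42, "call", None),
         ("5550101", 1358500100000, 0, "sms", "constructed test message")])
    con.commit()
    con.close()
    return path


if __name__ == "__main__":
    sample = build_sample(Path(tempfile.mkdtemp()) / "logs.db")
    for table, info in survey(sample).items():
        print(table, info["rows"], info["columns"], info["message_like"])
```

Comparing the row counts and message-like columns against what the extraction tool reported shows whether it skipped the message entries.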
Re: Mobile forensics TIPS [Knowledge Sharing]
Posted: Mon Jan 21, 2013 5:49 am
- Coligulus
You would need to write one, the script which TomP refers to is not in the public domain. Do some reverse engineering on the file and I'm sure you can pull together your own script for the job.
Apologies for not being clearer, you will have to write your own for this but it should be fairly straightforward as Coligulus states, a bit of reverse engineering should see you with a working script. As I said though, off the top of my head Series 40 3rd edition had something different about them that required a variation on the script. If you have a few handsets, make some test data and go from there.
-

TomP - Member
Re: Mobile forensics TIPS [Knowledge Sharing]
Posted: Mon Jan 28, 2013 1:07 am
Oh well done guys, the thing I face most in mobile forensics is the capability of knowing if the device was wiped or restored, and the date of that event.
Are there any files I should keep on looking at? I know it differs in different phones.
-
CopyRight - Senior Member
















