Windows Phone Foren...
 
Notifications
Clear all

Windows Phone Forensics

8 Posts
5 Users
0 Likes
527 Views
(@jithins53)
Posts: 1
New Member
Topic starter
 

Hi,
I am developing a tool that will perform full physical acquisition of Windows Phone7/8,but none of the methods for Android or Windows Mobile (WinCE 6.5 and earlier) seems to be working. The users do not have access to system or app files of the phone. And so far I couldn't find any APIs that have sufficient privileges to access these contents. Can somebody help me??

 
Posted : 18/02/2014 9:53 am
(@brunomac)
Posts: 16
Active Member
 

Believe me, not easy…

 
Posted : 09/09/2014 8:30 pm
 RonS
(@rons)
Posts: 358
Reputable Member
 

We are working on this too )

 
Posted : 12/09/2014 2:53 pm
alex101
(@alex101)
Posts: 105
Estimable Member
 

A good starting point would be to parse the files and data fully/correctly first. Then those of us that are recovering data from Windows Phone devices could spend less time doing it "old school" style.
Cellebrite Analyzer and X-Ways both do a pretty good job parsing the file system from a binary dump but this leaves most the important stuff to be done with external tools/viewers/scripts.
I guess it's being worked on and we will see some results soon… eh RonS? -)

 
Posted : 12/09/2014 3:59 pm
 RonS
(@rons)
Posts: 358
Reputable Member
 

yes, it is coming very soon with SMS, Calls and Contacts.
More data types will come later.

Ron

 
Posted : 12/09/2014 10:15 pm
Bendroid
(@bendroid)
Posts: 35
Eminent Member
 

Oxygen is capable to perform logical & pysical dumps with their extraction wizard. Though I've never needed it yet, isn't it sufficient what they do?

 
Posted : 13/09/2014 12:18 am
 RonS
(@rons)
Posts: 358
Reputable Member
 

Check your details again.
There is no physical extraction solution for Windows Phone devices.

 
Posted : 13/09/2014 3:21 am
Bendroid
(@bendroid)
Posts: 35
Eminent Member
 

Check your details again.
There is no physical extraction solution for Windows Phone devices.

Thanks for the hint, I indeed missed that one.

Cheers,
Ben

 
Posted : 13/09/2014 7:44 pm
Share: