MAC timestamps in A...
 
Notifications
Clear all

MAC timestamps in Android 4.4.2

5 Posts
4 Users
0 Likes
614 Views
(@anirudhrata)
Posts: 17
Active Member
Topic starter
 

Hi all, the phone I am currently examining is a HTC Desire 816 running Android 4.4.2. The items in question are the call recordings done on the phone. There is a suspicion that the recorded files were planted.

I have done logical extraction and file system extraction in Cellebrite UFED Touch ultimate. There are a few recorded files in /shared location of that app. But UFED shows only one timestamp ( modified date) for those files. And for some files the timestamp is missing entirely. Is there any other way I could get created date or any other timestamp from the logical or FS dump? Thanks.

 
Posted : 04/07/2015 9:44 am
(@trewmte)
Posts: 1877
Noble Member
 

Have a look and see if Riff Box can help

http//www.riffbox.org/?s=HTC+Desire+816

 
Posted : 04/07/2015 3:38 pm
(@anirudhrata)
Posts: 17
Active Member
Topic starter
 

Right now I cannot get a Riff Box to try that out. Only UFED and Oxygen are available, but anyway thanks for the help.

 
Posted : 05/07/2015 9:37 pm
nightworker
(@nightworker)
Posts: 134
Estimable Member
 

go to ufed analyser and search that timestamp in binary mode after that look other bytes manually

 
Posted : 06/07/2015 3:03 pm
OxygenForensics
(@oxygenforensics)
Posts: 143
Estimable Member
 

Hi all, the phone I am currently examining is a HTC Desire 816 running Android 4.4.2. The items in question are the call recordings done on the phone. There is a suspicion that the recorded files were planted.

I have done logical extraction and file system extraction in Cellebrite UFED Touch ultimate. There are a few recorded files in /shared location of that app. But UFED shows only one timestamp ( modified date) for those files. And for some files the timestamp is missing entirely. Is there any other way I could get created date or any other timestamp from the logical or FS dump? Thanks.

In Oxygen have you tried physical dump or Android backup extraction method? What app are you trying to analyze?

 
Posted : 07/07/2015 3:52 pm
Share: