±Partners and Sponsors

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 7
Overall: 26917
Visitors: 57

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Deleted BBM extraction from physical or chip-off

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

Deleted BBM extraction from physical or chip-off

Post Posted: Mon Sep 03, 2012 10:56 am

Since the interest in BBM messages is still very relevant, I would like to share with you that the next UFED Physical Analyzer release will add deleted BBM extraction from the physical dumps and chip-offs.

This is a fruit of a long research that ended with success.

Ron Serber  

RonS
Senior Member
 
 
  

Re: Deleted BBM extraction from physical or chip-off

Post Posted: Mon Sep 03, 2012 12:19 pm

As a fan of the Chipoff process with Blackberry's, this is good news......B  

sideshow018
Senior Member
 
 
  

Re: Deleted BBM extraction from physical or chip-off

Post Posted: Mon Sep 03, 2012 10:22 pm

Hi Ron

If a user of a BB smartphone has
i) 'exhausted' the ten password attempts and
ii) failed to gain access eg thus data erased by the BB smartphone
can you confirm which data can be recovered by the new UFED in the above circumstances?

Thank you.

I have recently been asked about BB regarding i) and ii). For the avoidance of doubt I have in mind BB knowledge base:

KB10385 btsc.webapps.blackberr...HelperImpl

Multiple attempts to type in a password prompts a warning that data will be wiped from the BlackBerry smartphone

Environment

BlackBerry® smartphones



Overview

You have typed an incorrect password into your BlackBerry® smartphone up to five times and received a warning that the next failed attempt will wipe the data from your BlackBerry smartphone.



Cause

As a security feature, the BlackBerry smartphone is designed to allow a maximum of 10 attempts by the BlackBerry smartphone user to type the correct password. After the tenth attempt, if the correct password has not been typed, all data is erased from the BlackBerry smartphone in order to discourage its theft or misuse.

The counter for the incorrect password is shared between the BlackBerry smartphone, BlackBerry Desktop Software and a BlackBerry Bridge connection to a BlackBerry PlayBook tablet. If the password is entered incorrectly in any of these locations, the counter will be reflected on the smartphone.



Resolution

If you are certain that the password you are typing into the BlackBerry smartphone is correct, complete the following steps:

Note: If you are using the Duress Notification Address policy, skip steps 1 through 3 (for more information regarding the Duress Notification Address policy, refer to page 53 of the Policy Reference Guide).

Deliberately type in an incorrect password five times on your BlackBerry smartphone.
Before the BlackBerry smartphone allows a further attempt, you will be prompted to type the word blackberry in plain text.
Instead of asterisks, the text you have been entering for the password will now show in plain text. Check to verify that it is correct.
If the password is still being rejected by your BlackBerry smartphone as incorrect, connect the BlackBerry smartphone to a computer that has BlackBerry® Desktop Manager installed.
A prompt will appear in BlackBerry Desktop Manager to type the password for the BlackBerry smartphone. Type your password to rule out missed key strokes, incorrect symbols, or a problem with the BlackBerry smartphone.

Note: If you do not use the alt or shift key when entering the password on the BlackBerry smartphone, the password will consist of the corresponding letters on the keypad.
If the password that you typed is still rejected and your BlackBerry smartphone is on a BlackBerry® Enterprise Server that has software version 4.0 or later, contact your BlackBerry Enterprise Server administrator and request that your password be reset.

Note: Research In Motion does not have:
Access to your existing BlackBerry smartphone password.
The ability to change the password for you.

If you are not on a BlackBerry Enterprise Server or using BlackBerry Protect, and you have forgotten your password, there is no way to have the password changed without wiping all data from your BlackBerry smartphone.
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup 

trewmte
Senior Member
 
 
  

Re: Deleted BBM extraction from physical or chip-off

Post Posted: Tue Sep 04, 2012 1:50 am

Sounds exciting Ron! Very Happy  

Doug
Senior Member
 
 
  

Re: Deleted BBM extraction from physical or chip-off

Post Posted: Tue Sep 04, 2012 9:28 am

trewmte,

Blackberry physical extraction is not limited to the new UFED Touch, it is also available on UFED Classic.

Regarding your question, the physical extraction itself does not provide a solution for locked devices.
For locked devices, the solution would be to perform a chip-off and then use UFED Physical Analyzer to decode that chip-off image. This process will yield deleted BBM messages using the next UFED PA version.

Ron  

RonS
Senior Member
 
 
  

Re: Deleted BBM extraction from physical or chip-off

Post Posted: Fri Nov 16, 2012 4:35 am

Ron,

Does the cellebrite UFED have the capability to decrypt a chip-off image that is from devices that had both password protection and content-protection (encryption) enabled?  

mobileterry
Newbie
 
 
  

Re: Deleted BBM extraction from physical or chip-off

Post Posted: Fri Nov 16, 2012 7:41 am

mobileterry,

Generally the answer is yes, but it depends on the device and the BB OS version.

Ron  

RonS
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 2
Go to page 1, 2  Next