±Partners and Sponsors
New Today: 0
New Yesterday: 5
· Understanding Cyber Bullying – Notes for Digital Forensics Examiners
· Investigating the Dark Web – The Challenges of Online Anonymity for Digital Forensics Examiners
· The Complete Workflow of Forensic Image and Video Analysis
· Browser Anti Forensics
· Coming apart at the SIEMs …
· WeChat Forensics
· DFRWS Europe 2014 Annual Conference – Recap
· Considering A Career in Audio-Video Forensics? Enhance Your Prospects With Continuing Education
· Forensics Europe Expo 2014 – Recap
±Follow Forensic Focus
How are some SMS encoded within blackberry memory?
Subforums: Mobile Telephone Case Law
Parsed text is:
Let me know when we can have a phone conversation.
In Hex, this phrase is stored as:
03 29 00 17 32 A4 8C 4F 28 DB 69 84 E7 23 C6 41 0F B7 8E 31 EA 76 FB 6E 4C 2B 0E B8 70 75 CE 25 DC 1D 0C 00 00 00 03 29
Other text messages are stored in plain ASCII but I can't figure out what the pattern is, as it appears that both sent and inbox messages are encoded either way. Usually I can sweep the parsed text messages, and look up in the values tab to see how the message is encoded. Most times it's some form of 7Bit PDU encoding.
Is there something else I should be looking for to properly decode this?
Any insight is appreciated!
I have learned this through my contacts and friends from the Northland (Canada), who see BBs much more than we do.
This may be what you are seeing. Just a thought.
Detective, Las Vegas Metro Police Department
Instructor - TeelTech
- Senior Member
So RonS, I'm not sure if you can speak to this, but is there a publicly released method for identifying some of these texts? I've been asked to see if I can find fragments of deleted texts, but I'm not getting any hits, even on keywords that are in allocated SMS already parsed. So I can't do a proper search not knowing how the texts are encoded. Are you able to speak to how Cellebrite PA identifies SMS and decodes it, so that I can attempt to do it myself within Cellebrite PA? I'd understand if you can't release that info.
- Senior Member