±Partners and Sponsors
New Today: 0
New Yesterday: 5
· Safer Internet Day
· Webmail Forensics – Digging deeper into Browsers and Mobile Applications
· Operation Endeavour: The Tip of the Iceberg?
· Forensic analysis of the ESE database in Internet Explorer 10
· WhatsApp – discovering timestamps of deleted messages
· Man In The Middle Attack: Forensics
· Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases
· Windows 8 File History Analysis
· Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection
±Follow Forensic Focus
How are some SMS encoded within blackberry memory?
Subforums: Mobile Telephone Case Law
Parsed text is:
Let me know when we can have a phone conversation.
In Hex, this phrase is stored as:
03 29 00 17 32 A4 8C 4F 28 DB 69 84 E7 23 C6 41 0F B7 8E 31 EA 76 FB 6E 4C 2B 0E B8 70 75 CE 25 DC 1D 0C 00 00 00 03 29
Other text messages are stored in plain ASCII but I can't figure out what the pattern is, as it appears that both sent and inbox messages are encoded either way. Usually I can sweep the parsed text messages, and look up in the values tab to see how the message is encoded. Most times it's some form of 7Bit PDU encoding.
Is there something else I should be looking for to properly decode this?
Any insight is appreciated!
I have learned this through my contacts and friends from the Northland (Canada), who see BBs much more than we do.
This may be what you are seeing. Just a thought.
Detective, Las Vegas Metro Police Department
Instructor - TeelTech
- Senior Member
So RonS, I'm not sure if you can speak to this, but is there a publicly released method for identifying some of these texts? I've been asked to see if I can find fragments of deleted texts, but I'm not getting any hits, even on keywords that are in allocated SMS already parsed. So I can't do a proper search not knowing how the texts are encoded. Are you able to speak to how Cellebrite PA identifies SMS and decodes it, so that I can attempt to do it myself within Cellebrite PA? I'd understand if you can't release that info.
- Senior Member