Nokia Lumia 634 RM9...
 
Notifications
Clear all

Nokia Lumia 634 RM974

6 Posts
4 Users
0 Likes
945 Views
(@dandaman_24)
Posts: 172
Estimable Member
Topic starter
 

Morning All,

I'm manually examining a Lumia 634, going through some SMS on the device, which are pertinent to the investigation. However the SMS only show the date the message was received / Sent. There are no times displayed.

I have looked through display settings and 'googled' for an answer, but no luck.

Any idea how I can get SMS times to be displayed ?

 
Posted : 02/10/2015 3:53 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

Dandaman

If you have consent from the phone owner, you may want to try to root the phone and then acquire data from the phone itself.

Steps and tools

1) Root the phone using Chimera Tool ( https://chimeratool.com/)

Your device is listed as a Nokia Lumia *635* RM-974 or RM-975. The Chimera Tool says it is a Beta version for your device, by the way.

2) Once rooted, use FTK Imager (www.accesdata.com) to create a .E01 "Physical" image of the device.

3) Mount the FTK Imager created forensic image file using FTK Imager or GetData's MountImagePro.

4) Use TestDisk (http//www.cgsecurity.org/wiki/TestDisk) to view and copy out folders and files from the mounted image file's partitions

5) Ingest the TestDisk exported files and folders into your preferred analysis tool (EnCase, Forensic Explorer, XWays) to identify SQLite database files. Analyze the SQLite database files to extract communications, including times and dates.

Regards,

Larry

 
Posted : 02/10/2015 8:38 pm
(@dcs1094)
Posts: 146
Estimable Member
 

That seems to be a common theme among most of the Lumia models from a manual point of view anyway…

You could use eMMC In-System Programming (ISP) to create a binary image - I carried out this process yesterday on a 635 (RM-974) with success. You could then process the store.vol which contains the SMS incl. timestamps with your tool of choice to decode them e.g. UFED PA or there's now an 'add-on' for Forensic Browser for SQLite, which allows processing of ESE databases.

 
Posted : 03/10/2015 1:58 am
(@dandaman_24)
Posts: 172
Estimable Member
Topic starter
 

Thanks for the info… I have ISP kit from Forensic Navigation ( which is in my other office) Do you have any schematics on this device your willing to point me to ? I know they're different models, just to get a feel of the board layout, hopefully they are laid out the same under the hood. PM me image / info if you want.

Unfortunately I don't have the Chimeratool in my armory, so this is out of the window for now.

Thanks
Dan

 
Posted : 04/10/2015 10:20 am
(@andysayers)
Posts: 13
Active Member
 

Hi Dan, the schematics for the 635 are in the CODED resources section on the forensic navigation website.

 
Posted : 14/10/2015 9:55 pm
(@dandaman_24)
Posts: 172
Estimable Member
Topic starter
 

Hi Andy,

I've just seen your schematics for the handset, somewhat more detailed than the ATF box instructions.

 
Posted : 21/10/2015 10:37 am
Share: