Mobile Phone Hex Dumping - Solutions and advice needed  

s1lang
(@s1lang)
Member

Hi,
Firstly a courteous hello as this is my first post on this very informative forum.

However I am in need of advice.

I am a work placement student on my placement as part of my Forensic Computing Degree; very little is covered in regards to the mobile side of forensics on the course.

I started my placement two weeks ago, which involves mobile and PC investigations.

I am looking for advice on recommendations in regards to the software and hardware involved in "hex dumping" of the mobile handset.

What do the experts use for the extraction and then subsequent analysis of the dumps?
The reason I ask is I will be advising on the purchases of these products, so any help would be greatly appreciated.

Thank you
Simon

Topic starter Posted : 05/09/2008 3:10 pm
jeffcaplan
(@jeffcaplan)
Member

To be honest, the majority of people performing mobile device forensics do not analyze physical hex dumps. I'm not saying there aren't people who do, but by and large it's not common practice. First, because it requires a level of sophistication, training and knowledge which far surpasses the average LEO and also because the software which is able to perform physical acquisitions of mobile devices is not as prevalent as software which can do logical only acquisitions.

The best platform I've seen for doing physical grabs of a mobile device's memory is Microsystemation's XACT (http://www.msab.com/en/mobile-forensic-products/XACT-mobile-forensic-application/). Then there's also Paraben's Device Seizure (http://www.paraben-forensics.com/cell_models.html). You can check out this list from Paraben which lists which software performs acquisitions on certain model phones: http://www.paraben-forensics.com/model-comparison.html. Be warned, however, that the list is incomplete and not 100% accurate (and obviously, somewhat biased).

Jeff

Posted : 05/09/2008 6:54 pm
BitHead
(@bithead)
Community Legend

AccessData has a mobile device examiner that requires FTK 2.0.

Oxygen Forensic Suite 2 is also a viable option.

Of course there are others: BitPim, Cell Phone Analyzer & CPA SIM Analyzer, GSM .XRY, MOBILEedit!, TULP 2G. See this e-evidence info link for more info and links.

Check out this (albeit somewhat dated) paper from NIST or this subsequent report from NIST.

Posted : 05/09/2008 7:22 pm
s1lang
(@s1lang)
Member

I was looking at XACT earlier, and it seems like a good piece of equipment.

It has been recommended to me on a phone forensics forum to use a phone flasher such as Shu-Box http://www.fonefunshop.co.uk/Unlocking/hsu.htm to get the dump, then a program such as Pandoras-Box to analyse the data http://www.hex-dump.com.

We are awaiting the delivery of Oxygen at the moment for sim-card extraction etc.

I really appreciate the help guys and will research what you have said :)

Thank you

Topic starter Posted : 05/09/2008 7:30 pm