Mobile Phone Hex Dumping - Solutions and advice needed
Firstly a courteous hello as this is my first post on this very informative forum.
However I am in need of advice.
I am a work placement student on my placement as part of my Forensic Computing Degree; very little is covered in regards to the mobile side of forensics on the course.
I started my placement two weeks ago, which involves mobile and PC investigations.
I am looking for advice on recommendations in regards to the software and hardware involved in "hex dumping" of the mobile handset.
What do the experts use for the extraction and then subsequent analysis of the dumps?
The reason I ask is I will be advising on the purchases of these products, so any help would be greatly appreciated.
To be honest, the majority of people performing mobile device forensics do not analyze physical hex dumps. I'm not saying there aren't people who do, but by and large it's not common practice. First, because it requires a level of sophistication, training and knowledge which far surpasses the average LEO and also because the software which is able to perform physical acquisitions of mobile devices is not as prevalent as software which can do logical only acquisitions.
The best platform I've seen for doing physical grabs of a mobile device's memory is Microsystemation's XACT (http://www.msab.com/en/mobile-forensic-products/XACT-mobile-forensic-application/). Then there's also Paraben's Device Seizure (http://www.paraben-forensics.com/cell_models.html). You can check out this list from Paraben which lists which software performs acquisitions on certain model phones: http://www.paraben-forensics.com/model-comparison.html. Be warned, however, that the list is incomplete and not 100% accurate (and obviously, somewhat biased).
AccessData has a mobile device examiner that requires FTK 2.0.
Oxygen Forensic Suite 2 is also a viable option.
I have been looking at XACT earlier, and it seems like a good piece of equipment.
I have been recommended, on a phone forensics forum, to use a phone flasher such as Shu-Box (http://www.fonefunshop.co.uk/Unlocking/hsu.htm) to get the dump, then a program such as Pandoras-Box (http://www.hex-dump.com) to analyse the data.
We are awaiting the delivery of Oxygen at the moment for SIM card extraction etc.
I really appreciate the help guys and will research what you have said :)