
Mobile Phone Hex Dumping - Solutions and advice needed  


Firstly a courteous hello as this is my first post on this very informative forum.

However I am in need of advice.

I am a work placement student on my placement as part of my Forensic Computing Degree; very little is covered in regards to the mobile side of forensics on the course.

I started my placement two weeks ago, which involves mobile and PC investigations.

I am looking for advice on recommendations in regards to the software and hardware involved in "hex dumping" of the mobile handset.

What do the experts use for the extraction and then subsequent analysis of the dumps?
The reason I ask is I will be advising on the purchases of these products, so any help would be greatly appreciated.

Thank you

Topic starter Posted : 05/09/2008 3:10 pm

To be honest, the majority of people performing mobile device forensics do not analyze physical hex dumps. I'm not saying there aren't people who do, but by and large it's not common practice. First, because it requires a level of sophistication, training and knowledge which far surpasses the average LEO and also because the software which is able to perform physical acquisitions of mobile devices is not as prevalent as software which can do logical only acquisitions.

The best platform I've seen for doing physical grabs of a mobile device's memory is Microsystemation's XACT (http// Then there's also Paraben's Device Seizure (http// You can check out this list from Paraben which lists which software performs acquisitions on certain model phones http// Be warned, however, that the list is incomplete and not 100% accurate (and obviously, somewhat biased).


Posted : 05/09/2008 6:54 pm

AccessData has a mobile device examiner that requires FTK 2.0.

Oxygen Forensic Suite 2 is also a viable option.

Of course there are others: BitPim, Cell Phone Analyzer & CPA SIM Analyzer, GSM .XRY, MOBILEedit!, TULP 2G. See this e-evidence info link for more info and links.

Check out this (albeit somewhat dated) paper from NIST or this subsequent report from NIST.

Posted : 05/09/2008 7:22 pm

I was looking at XACT earlier, and it seems like a good piece of equipment.

I have been recommended, on a phone forensics forum, to use a phone flasher such as Shu-Box http// to get the dump, then a program such as Pandoras-Box to analyse the data http//

We are awaiting the delivery of Oxygen at the moment for SIM card extraction etc.

I really appreciate the help guys and will research what you have said :)

Thank you

Topic starter Posted : 05/09/2008 7:30 pm