BBM PINs

There is a "PIN" field within contact entries on a BlackBerry. It may be worth reviewing the contact entries to see if the PIN is listed within one.

Oh right, I will have a look into that. Thanks.

But is there any way to tell whos who via the PINs? or is that information only shown live on the phone via the RIM Server?

To preface, I'm not some kind of engineer or any such, but I trained (and performed) PDA Support (primary focus in Blackberries) with T-Mo and then filled a similar role for VZW (with much less focus on smart phones).

The short answer is yes, but depends on your level of access. From my knowledge of the tools involved, the way you can find out who is who is by getting in touch firstly with someone who has access to the Blackberry Provisioning Tool. This tool is what associates a particular PIN with a particular ICCID (or whatever the carrier equivalent is) in the Blackberry servers (to gain access to the internet with a BB you've got to have the correct APN in the carrier's systems, and then have the correct permissions set on RIM's side). This tool has a feature where you can search the actions taken on a particular PIN.

By using this search, you can come up with what ICCIDs were provisioned with that PIN before. This is a little known/used feature (as on the carrier's tech support side it has little real use), but it is available. From here, it's just a matter of connecting with whatever service provider and having them search their billing systems.

Another pathway would be to associate a given PIN with its EIN/IMEI, and with that you can track usage. If the device in question is with a GSM carrier, this can mean a trip into some notoriously wonky warranty/sales history systems (as there's no guarantee anyone has bothered to update the billing system with the correct IMEI as the association between customer and device is primarily handled through the SIM–resellers make this even more potentially complicated/fruitless).

To my knowledge, RIM has practically no other discrete link between a particular device and user in their systems (beyond whatever might be revealed in looking at saved data from use of the blackberry.net APN). I say this because they rely on the carriers to assign and correct access permissions. Most of this happens automatically through updates sent by whatever particular billing system is in use. Someone can go in and manually add the blackberry.net APN and provision a subscriber for BIS or BES without invoking the billing system giving that subscriber free access. Every once in a while, RIM has to actively audit the number of subscribers being charged for access against the number who have access.

You can get the BBM contacts with "berrygrab" all names are displayed along with their respective pin

bigjon, not seen this before… so thanks.

For private use it could be useful, but how you do you see this when dealing with evidence?

http//berrygrab.com/
"Once you upload the IPD you will be entered into a queue of files awaiting to be converted into a database. Once this is complete not only can you view your data online, the backups are also stored as well meaning should you incur any data losses a restoration point will always be available. "

Trew, not for evidence as you can see its stored on servers.
However a neat little tool for private.
Its worth considering though for emergency high risk missing from home enquiries etc I would use this

a short update
Cellebrite UFED PA latest version v2.3 that was released this week has built-in support for BB flash decoding (extracted using chip-off or other methods).

This includes BBM (and deleted BBM).

There are some companies that provide BB chip-off services. Make sure you try the UFED Blackberry decoding (from the chip-off readout you have) since it is not based on carving like these companies provide and you will get much more structured data.

RonS