I'm am currently processing a LG VX9200. It has a 4 digit security code, locking the phone. I was able to get all info off the phone using Susteen Secure View 2 except for the SMS which is not supported. I used BitPim to browse the file structure and found the folder named SMS. In that folder there is a Drafts, Inbox, and Outbox. So it looks promising so far right. In those folders are .dat files named inbox234.dat and so on. I can view those files using notepad and I can view those files in hex view which does show the text.
Anyway to my question. there are a lot of text messages, in excess of 500. I was wondering if anyone has run by a tool that can convert these .dat files to a viewable format.
I can view those files using notepad and I can view those files in hex view which does show the text.
Anyway to my question. there are a lot of text messages, in excess of 500. I was wondering if anyone has run by a tool that can convert these .dat files to a viewable format.
Try extracting them all to a single dir and use the rename command in DOS (ren *.dat *.txt).
Well I can view them in notepad with no issue the contents is a bit garbled, example
H™ Ô9!&2 Ô9 Hey just know one thing I do care about you and I always hav d‘—Ê
]yôA¯vþè7îʃ¦;³ ’ƒ&ôðòʃ-ýz ó¿ª;² ’ƒÎø|óA£l¨9eχ¯,›2óæƒ~d| æû¹ é‡^TðòÊÚ
So i can see the text message but I dont know what else I may or may not be missing due to the garbled characters. And I can open each file and copy out the viewable text but I have about 500 for each folder, inbox/outbox. I was hoping someone had run across this issue before and knows of an automated process.
If not I can always do it one by one. But like everyone else my plate is overflowing and I was wishing for a better solution.
what have you found out about the data structure of SMS messages on LG phones?
can you provide a sample in hex format?
20202020170220204899022017D41939
100515212632202008D4193901012020
20202020022020202020202020014865
79206A757374206B6E6F77206F6E6520
7468696E67204920646F206361726520
61626F757420796F7520616E64204920
616C7761797320686176202020202064
9197CA0D5D79F441AF76FEE837EECA83
A68D3BB3A0928326F418F0F2CA830E2D
FD7A20F3BFAA0C3BB22092830ECEF87C
F341A30F6CA83965CF87AF2C9B32F3E6
837E641B7CA0C38FA69DFBB9A0E9875E
5418F0F2CA81DA902020202020202020
20202020202020202020202020202020
20202020202020202020202020202020
20202020202054657272792063656C6C
20202020202020202020202020202020
20202020202020353535353535353535
35202020202020202020202020202020
20202020202020202020202020202020
20202020202020200A01282020202020
some of that looks like it may contain date/time info I would be.willing to deconstruct the file structure for you if you send me one of the small ones or send me some screenshots of winhex with several entries viewable my email is
ryan.manley@wiseforensics.com ill see if I can make a quick app for the rest of the structure for u to get more data.
Ryan
Wow, that's a great offer! A custom script to dump each folder to a csv sounds ideal. Btw, I know I'm going to sound like a broken record, but when you write out the csv, be sure to enclose strings in double quotes, because if they contain commas, Excel will put the remainder in a separate cell, which is maddening.
If you want a very fast technique to review the text, try the Linux Strings command and dump everything into one txt file, suitable for triage.
/scott
Yes I agree, a great and generous offer. Thank you xaberx for taking your time to look at it. Same with ForensicRanger he has been looking at it as well for me.
Thx again guys for taking the time to help out. I appreciate it.
20202020170220204899022017D41939
100515212632202008D4193901012020
20202020022020202020202020014865
79206A757374206B6E6F77206F6E6520
7468696E67204920646F206361726520
61626F757420796F7520616E64204920
616C7761797320686176202020202064
9197CA0D5D79F441AF76FEE837EECA83
A68D3BB3A0928326F418F0F2CA830E2D
FD7A20F3BFAA0C3BB22092830ECEF87C
F341A30F6CA83965CF87AF2C9B32F3E6
837E641B7CA0C38FA69DFBB9A0E9875E
5418F0F2CA81DA902020202020202020
20202020202020202020202020202020
20202020202020202020202020202020
20202020202054657272792063656C6C
20202020202020202020202020202020
20202020202020353535353535353535
35202020202020202020202020202020
20202020202020202020202020202020
20202020202020200A01282020202020
$ cat filename.dat | xxd -l 256
?