Earlier today I was called to look at the contents of a cell phone. It was a Samsung flip phone on the Verizon network. I don't have the model number, but it looked like one of the very basic prepaid models you could purchase through Verizon.
The phone was powered on and I looked through some of the contents. It also sat in the front seat of my car for about 20 minutes as I drove back to my office. No problem, right? When I got back to the office I began to think about a logical dump. I could have obtained the model number from inside the phone, but I chose to pop the battery to get the model number. After placing the battery back in and powering the device on, it now asked for a four-digit passcode. (Enter maximum frustration!)
While looking at several forensic forums I have observed the occasional comment advising someone to keep a device powered on. Here are some questions I have that I hope you can help me with.
Is there a make or model of phone that, if you encountered it while it was powered on, you would recommend it not be powered off?
If this is the case and you work for a law enforcement agency, how are you handling this? Have you placed a number of power strips in your property room where the devices are left plugged in, isolated from the network?
Thank you,
Is there a make or model of phone that, if you encountered it while it was powered on, you would recommend it not be powered off?
iPhone.
If this is the case and you work for a law enforcement agency, how are you handling this? Have you placed a number of power strips in your property room where the devices are left plugged in, isolated from the network?
Use Faraday bags.
Basic rule for all acquisitions of phones when you first receive them: "If it's on, leave it on. If it's off, leave it off."
That way at least nothing you do will trigger a phone lock. If the phone is on I'll generally put it in airplane mode if possible, or a Faraday bag if not.
For some flip phones, Cellebrite can just read the PIN. This is from when PINs were more to stop pocket dialing than a security measure.
If that isn't an option - maybe SecureView's Burner Breaker robot?
Terry