While assembling a want list of mobile device forensic hardware/software, I would like to add a flasher box to the list. I know they very quite a bit, but can anyone recommend a model which they use on a regular basis?
I'm U.S. based if that is a factor.
The box which gets the most use consistently in our lab is HWK/UFS. The HWK Suite offers support for a large range of handset's and I find is less temperamental than some of the other offerings.
I think you may want to assess the majority of handsets which you see for those which need to be flashed. The reason I say HWK/UFS for us is that of 2 of the main players in the GSM handset world it pretty much addresses our every need. The handsets which you require flashing for may not even be supported by this box. As such, it may be more appropriate to buy a box offering the most support to the handset types which you actually see.
Regards,
Colin
As above
However the Shu-Box includes the SEToolbox too as well as the HWK/UFS
http//
I have personally never used the Shu-Box but very regularly use SE Toolbox and HWK/UFS as separate entities.
Si
Thank you both very much!
azmatt, can I suggest you also look very closely at what any of the products actually do and what they actually retrieve. That is to say some of the flasher imagers/hex dumpers out there may not record from the original start offset address 00000000 of the chip but e.g a .bin file (or what have you) may begin at the location where the flasher is first set to start or detect plain text. By way of illustration, an examiner may not immediately recognise this fact largely because of the fact s/he may have produced an electronic file and, following search and carving, s/he may reveal in that file's content user data (sms, contacts, etc). The mistake that occurs of course is that the examiner SHOULD have found out the memory (bytes) size of the mobile phone's flash chip prior to jumping ship believing the flasher file contains everything. Also, determined if the flasher device is pre-set or whether the user can set it.
As an example of evidence in a case I looked at the byte size of the flasher's output file was 48Mb size. The flash chip memory for the particular mobile phone from which the contents of the file was said to have been extracted was in fact 128Mb size. So where were the encrypted files, programs and (using computer terminology if you will) was any slack/free space artefacts missed or how about user data connected with specific programs where the user data resides within the program?
Imagine that you receive evidence similar to the above case. Mighten you think there is an error in the work of the examiner; the examiner left something out; or maybe whether the file had been contaminated in some way?
Maybe these observations might be helpful to you and worth considering perhaps.
Very good stuff.
Here is the kit I have now, they all have their uses. Not all read the memory. Some just provide us with the passwords. I am in the middle of writing a white paper on Flasher Boxes that provide details on the installation; password recovery methods; acquisition of data; decoding of data; etc.. They are not for the novice to use, you can ruin your evidence by selecting the wrong option. I would suggest training before jumping into using them.
Here is my list
• SE Tools 3 - about 120.00 USD - covers off a lot of the Sony Ericsson phones and some LG devices
• NS Pro - about 160.00 USD - covers of a ton of Samsung phones
• Smart Moto Clip - handles Motorola product, great for getting pin user codes.
• JAF - runs about 200.00 USD - Nokia cell phones
• UFS/HWK Micro - 180.00 USD - Nokia, Samsung, Sony Ericsson and Motorola
• CDMA Workshop - you don't need the flasher box for this to work, just buy the software- 100.00 USD
• Octopus - 190.00 USD - this covers off a lot of LG phones
• VYGISTOOLBOX – about 200.00 USD, for more LG phones
• RockerDongle - about 140.00 USD, for Motorola phones
Detective Bob Elder
Computer and Mobile Phone Forensics Unit
Victoria Police Department
850 Caledonia Avenue
Victoria, BC, V8T 5J8
Phone 250-995-7654
Fax 250-995-7262
cop.geek@gmail.com
Dealing with flash memory
RComm is a useful tool as is CSS for browsing flash.
Then again using Carbide C++ and other development tools can assist in doing some of work examiners appear to need.
Hello All,
I would like to know the tools that can used for PM files exploring. PMExplorer from Sanderson Forensic works great with Nokia PM files. What other tools are there?
Cellebrite UFED supports decoding PM files and Nokia chip-off dumps (including Symbian chip-offs) and many more mobile phone file system formats