Hi,
I wanted to do a forensic analysis of a LG Dare cellphone. Would it be possible to use FTK Imager to make an image of the phone? Or should I be using some other software?
Also, do I need some drivers for my PC to recognize the phone when they are connected?
Any help would be appreciated!
Hi Tim,
Do you need to take an image or do you want to do an extraction of the logical data?
I am not familiar with this handset but from a quick googling it appears to be a CDMA device. Have you tried BITPIM?
Failing that when you plug it in you may be able to select 'Transfer' or similar which will put it in mass storage mode, you can then image this through traditional methods.
I hope that helps a little bit?
Regards
Mobile device analysis (some say data recovery) is really a different animal than computer forensics. No, FTK imager will not work. You could do a file transfer via bluetooth but the process is just that, a file transfer as opposed to an analysis.
There is another entire set of processes/software/knowledge required to analyze mobile devices. Bitpim is a free option, but the list of supported models is pretty short.
Bitpim actually supports the LG dare (model VX9700). It should get you the phonebook, call history, SMS, wallpaper (photos). It will also get you the logical filesystem of the phone that you can save to a zip file. You can import that file into FTK and browse through it. You can even run file carving against the zip and sometimes get a couple deleted photos.
On a side note, even if a CDMA phone isn't listed as supported by Bitpim, Bitpim has a "Other CDMA Phone" setting, which will usually let you access the filesystem to back it up as a zip file even when the phone isn't on the supported list. You just have to parse it out yourself in FTK or something.
Joe