There have been a few threads on what constitutes a good lab for computer forensic analysis but what are people's thoughts on a good set of software and hardware tools for mobile phone/Blackberry analysis?
Take a look at NIST's evaluations of forensic tools for PDAs & Mobiles
http//
Guidelines on PDA Forensics
http//
Thanks, that's an excellent paper.
Am considering Paraben's products, Radio Tactics and Oxygen.
What combination of products do people recommend that give the best results for the widest number of devices/SIM cards?
I use a variety of software tools in my lab. I don't really have an option since no one software application will work for every phone. The main programs I use are Paraben, DataPilot, BitPim, SimCon, Oxygen, then whatever speciality software the manufacturer of the phone has out if all else fails. Of course there is the old "manual" look through if nothing works :)
If you are law enforcement I highly recommend
The guy's name is Karl Dunnagan. Very knowledgeable and he likes his beer :)
My favourite tool: .XRY from Micro Systemation.
Have used a lot of different analysis tools..
" The one and only "
Aren't Cells the Biggest "Wild Card" in forensics today? I mean the acquiring of the data is really a toss up. First, you have to be lucky enough to have the correct cable (here in the US the phones/providers don't play well with each other..Can we just get a standard here???!) then the phone has to be the correct model because the different revisions…
Hopefully the widespread use of Bluetooth interfaces on phones will help with the ease of interfacing with the Phone, but at least here in the US, I don't see an easier future for Cell Phone work. Geez..we aren't even adopting the SIM cards yet…
I just want software that will RAW dump everything out of the phone and let my real tools do the work/carving etc…
For the Blackberrys…Paraben Device Seizure works nicely! Also a combinatorial use of the BB Desktop Manager Backup to an .IPD file and your normal forensic tools examining the .IPD file…as well as connecting the .IPD file to the correct Blackberry Simulator helping to make nice screenshots…
Device Seizure is also helpful with the other SmartPhones (Win, Palm)…(all but the SideKick…Hello Danger….get a clue here!!!)
For everything else…it's the Swiss Army Knife approach. Depending on the mfg of the phone, the carrier technology and the model…pick a software tool…SIMCon, DataPilot Secure View, Cell/Device Seizure, TULP2G, BitPIM, Oxygen, MobilEdit, and the Moto and iDen tools…for the Hardware…the NIST doc does a nice review of them all…including GSM .XRY, RadioTactics Mobile Toolkit, and even the LogiCube CellDek…
So many tools and I'm sure I've left off a few…
Rick
SmartPhoneForensics.com
Well my 2 cents
For SIMs I used SimCon and then a free software to retrieve deleted SMS, xsim (no longer supported); the first one with a PC/SC Omnikey and the second one with a PC/SC Gemplus reader.
For mobiles, MobilEdit Forensics if you have the PIN; if you don't have it and it is from another country and is locked, you need a SIM that is programmed for general use.
Then you can only retrieve information stored in the mobile with any normal software.
Take a look at the following website
This is proving to be a very valuable source of information for all things to do with mobile phones, including currently a free download tool to analyse raw data on Nokia mobiles.
HEX dumps rule!!
Tools we use are .XRY, SimCon, PhoneBase, Manual Download, Oxygen and some of the others listed
I've been dealing with cell phones for about 3 years now.
The NIST report is pretty accurate, except when I go to conferences I haven't found a single person that could tell me why Paraben was on top of the memory list. I've used XRY, it's OK but the phone base is kinda lacking for the US market. Unless Oxygen did something amazing in the past 2 years when I wasn't looking, I'd still use SIMIS over any of the other tools out there. I'm still looking for a complete software set that will do Blackberry devices that are password locked. If anyone finds one that does everything including the Pearl models let me know.