
'partial support' in forensic software e.g XRY

(@yunus)
Estimable Member
Joined: 17 years ago
Posts: 178
Topic starter  

Hello All,

We all know that many types of contents in mobile phones (e-mails, messages, files etc.) may be left extracted/decoded, and are partially supported by forensic software. And some forensic software openly and honestly states this on its main screen during the examination, e.g. XRY from MSAB gives a warning and says, e.g., that emails in this phone are "partially supported", so the examiner is warned and he/she will probably make further efforts to fully extract those partially supported by means of other forensic tools, or will probably state this in his/her report if he/she does not have any other tool, or will probably manually examine the phone to ensure to deliver all those contents.

Despite being good, such warnings (e.g. partial support) do not seem to be given in most other forensic tools, and we all know all alleged forensic software misses many types of contents in phones.

So would it not be good if all software were more open and gave out such an informatory note for the contents that they do not support properly, so examiners make further efforts with other tools or state it in their report?

When there are no such warnings, some examiners may take it for granted, and think that they have already provided all the evidence in the phone, whereas they have not.

What do you think?


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 


But I haven't seen such a warning like "partial support" in other forensic tools, and we all know that no software can fully support everything. So all software needs such kind of warnings to provide more confidence to examiners.

Would it not be better if all forensic software were more open and stated such warnings for relevant types of contents, so we as examiners can feel confident about the results?

Without any such warning ("partial support"), examiners take it for granted and believe they provided all the contents in the phone, whereas they don't.

What do you think?

I think that anyone actually "taking for granted and believing … " that should immediately, on the spot (or on the field), be demoted 😯 from "digital forensic examiner" to "clueless guy that somehow managed to be allowed to push a few buttons".

The idea is that professional tools are aimed at professionals 😉, and as such they need not carry all the warnings and caveats that the general public is used to.

In the US you have
https://en.wikipedia.org/wiki/Objects_in_mirror_are_closer_than_they_appear

which is often used as an example of the (supposed) cluelessness of US drivers or of the US habit of covering with a warning every possibility of a legal claim/suit for indemnification.

Please do understand the difference between the above and signs like
https://en.wikipedia.org/wiki/Wet_floor_sign

In the former case, an external (convex) mirror is "standard" in any car for which the driver is subject to possessing a driving license, whilst the latter sign is for the "general public" that may well be unaware (as it is such an unusual case) that a wet floor may be slippery but - in any case - they don't NEED to pass an exam and have a license issued to simply enter a (publicly accessible) space.

Next will be a non-removable sign on hammers warning how the hammer could potentially drive a nail into wood non perpendicularly.

And remember to hang all over the (mobile forensics) lab these signs (just in case)
http://lawhaha.com/warning-dont-spill-beer-on-your-phone/

jaclaz


   