Hi all,
I'm just after a bit of help and advice on this pleae.
I’ve performed a Full Hex Dump of an old Sharp GX10i and the dump is in a .crb format
I’m just wondering if anything supports this and the encoding it uses so I can show the “plain text”?
Or if not does anyone happen to know the rough offsets it should be stored to?
The dump was performed by a Vygis box if that helps.
Many thanks
Simon
Simon,
I think you are likely to find that the output from Vygis box is encrypted, hence the crb file will be of little use to you.
We use a piece of port monitoring software which intercepts the raw data received over the port before the software encrypts it. This is likely to be the best approach. There are some other sources of information which discuss this
http//www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=6855
http//
The AGG software talked about on there we have found is somewhat temperamental and have been using a different package from HHD which is working very well for us. I would suggest you gave the latter a try.
http//
Hope this is of help.
Regards,
Colin
Thank you very much Colin,
I couldn't ask for a more helpful post )
I'll look into this now.
Regards
Simon
When it comes to decoding the unencrypted dump I can't think of any tools which support this handset (cue RonS telling us that UFED does!)
Does the handset have any live data on it that you can back reference? String searches and hex searches of likely encodings (reverse nibble phone numbers for example) might at least drop you in to the right area and hopefully you'll be able to work from there.
Good luck, and if you have any trouble decoding please post back here and I'll try to lend a hand.
UFED Physical does decode many different file systems from physical dumps more than any other tool, but I never mentioned anything about the Sharp GX10i
) I don't blame you - I think I've seen about 2 sharp phones in the past 3 years. Probably not a a priority for you!