Forums
Main Category
General (Technical,...
SMS hex format ???
 
Notifications
Clear all

SMS hex format ???

 
Page 3 / 3
General (Technical, Procedural, Software, Hardware etc.)
Last Post by LeoWski 14 years ago
26 Posts
11 Users
0 Reactions
6,352 Views
RSS
 RonS
(@rons)
Reputable Member
Joined: 17 years ago
Posts: 358
21/01/2011 5:11 am  

Yes, it can.
It has to be part of an extraction. (UFED file system dump or physical extraction)


   
ReplyQuote
Robbo747
 Robbo747
(@robbo747)
Eminent Member
Joined: 17 years ago
Posts: 37
08/03/2011 5:36 am  

Ron, thats great Celebrite File system dump has this ability…we have a file dump for a SGH-F480T containing this phonedb.00 file. However, we haven't found a practical interpreter.

We have tried a lot of different ways of opening the file however as it is not a "standard" DB2 databse file, it could not be easily imported into DB2, SQL Server 2005 using the Data Import Wizard, SQL Server 2005 using an SSIS package to load the data and proces it, Excel, Notepad, Wordpad, Notepad++, Content Extractor or Samsung PC Studio.

I suppose the next option would be to contact Samsung- has anyone approached these guys in the past with success ??

Has anyone had success with this supposed db2 file ??


   
ReplyQuote
 RonS
(@rons)
Reputable Member
Joined: 17 years ago
Posts: 358
08/03/2011 11:22 am  

UFED Physical Analyzer can decode these files.
Additionally, the latest UFED version supports physical extraction of the F480 (a unique capability) and of-course decoding it so that you can get much more deleted data than you get from the file system (from the database file).

You can also send me the file and I will try to decode it for you.


   
ReplyQuote
 LeoWski
(@leowski)
Active Member
Joined: 14 years ago
Posts: 5
09/03/2011 11:39 am  

UFED Physical Analyzer can decode these files.
Additionally, the latest UFED version supports physical extraction of the F480 (a unique capability) and of-course decoding it so that you can get much more deleted data than you get from the file system (from the database file).

You can also send me the file and I will try to decode it for you.

G'Day Ron, I'm with Robbo747 working on this file from a SGH-F480T. We've done the Cellebrite file dump to get this file, but our unit doesnt have listed a "F480" supported for a physical dump…..there's a "X480" - are they compatable?

Regardless, the file dump file "phonedb.00" is fuly readable, the header containing the line "/DB2/unlimitdb" at 76Hex, and further below the full data in the database format….its just that we dont have a DB2/SQL database (or the knowledge to work one) that I can import this file to.

I'd love to send you the file, but it contains sensitive info unfortunately.. cry


   
ReplyQuote
 RonS
(@rons)
Reputable Member
Joined: 17 years ago
Posts: 358
09/03/2011 5:27 pm  

UFED version 1170 (released last week) does have the F480 supported with physical dump (you need the Physical license to be enabled)
You can download it from this link
http//www.cellebrite.com/forensic-products/ufed-2.html


   
ReplyQuote
 LeoWski
(@leowski)
Active Member
Joined: 14 years ago
Posts: 5
10/03/2011 3:17 am  

UFED version 1170 (released last week) does have the F480 supported with physical dump (you need the Physical license to be enabled)
You can download it from this link
http//www.cellebrite.com/forensic-products/ufed-2.html

AAAAHHH! I'll hit up Neil to get ours updated. Thx! D


   
ReplyQuote
Page 3 / 3
Forum Jump:
  Previous Topic
Next Topic  

Currently viewing this topic 2 guests.

Share: