Monthly Archives: August 2010

File 0000000000000001.db? If that’s a file where would you look?

Posted on August 31, 2010 by BruceD

When processing an Apple device, check the files located in /private/var/mobile/Library WebKit/Databases. The Databases.db file is a SQLite Database file that contains a listing of databases.  This file can include (https) Google Mail and Yahoo Mail.  The corresponding file name … Continue reading

Posted in Rant | Tagged , , , , , , | 4 Comments

MFI Training Series vol 1 -Processing

Posted on August 24, 2010 by Lee Reiber

Ok, so we left off talking about the examiners process and now are going to move onto the actual processing of the device it’s self. I will generically talk about some key points I like to cover in my courses. … Continue reading

Posted in Training | Tagged , , , , , , , , , | Leave a comment

HTCIA

Posted on August 23, 2010 by Lee Reiber

Greetings all you followers of MFI Bloggingness ( if that is a word, if not I call it). This comes to from about 39,000 feet, my frequent abode and resting place for bloggingness. I wanted to drop a line about … Continue reading

Posted in Training | Tagged , , , , , | Leave a comment

Data back-up using manufacturer’s software

Posted on August 21, 2010 by BruceD

If you use software such as Blackberry Desktop Software and iTunes to create back-up files, always test new versions to verify the settings. Recently, newer versions have had changes to the default settings. You do not want to find your contacts … Continue reading

Posted in Rant | Leave a comment

When is a picture more than just a picture?

Posted on August 13, 2010 by BruceD

An iPhone 3G was received for analysis. The owner had reportedly taken video of an assault and subsequently deleted the video. The device was user jailbroken and had the “Cycorder” app installed. This app uses the onboard still camera with … Continue reading

Posted in Training | Tagged , , , , | 1 Comment

Samsung Lock Location

Posted on August 12, 2010 by Kevin DeLong

In processing a Samsung SCH-U740 it was found to have a lock code enabled. Utilizing Bitpim’s File-system view I was able to obtain the file-system and hopefully the lock code in the normal areas of nvm_0002, nvm_security etc. In examining … Continue reading

Posted in Training | Leave a comment

Dont Forget The Filesystem

Posted on August 12, 2010 by Lee Reiber

Lets talk about phones! Of course the first step should be ALWAYS to isolate the handset from the cellular network but most important step when EXAMING the cellular device. FILESYSTEM, FILESYSTEM, FILESYSTEM. Did I say filesystem. The filesystem, if available, … Continue reading

Posted in Training | Tagged , , , , | 2 Comments

MFI Training Series vol 1 -Process

Posted on August 6, 2010 by Lee Reiber

This blogging will be quite interesting and I think might help express the ideas and theories I always yell at students about in class (sorry students but passion is passion). I think I will start a series on process. Let’s … Continue reading

Posted in Training | Tagged , , , , | 3 Comments

Some RegEx’in

Posted on August 3, 2010 by Lee Reiber

Hey we have started the MFI 303 course where we cover grabbing some serious artifacts from the cellphone fileystems.  Do you know that the majority of cellular extraction tools only parse out about 40% of actual data.  What I mean … Continue reading

Posted in Rant | Tagged , , , | Leave a comment

Welcome

Posted on August 3, 2010 by Lee Reiber

Welcome to the mobile forensics inc blog.  I think this may be a way for me to stay on top of any issues that I might run into.  Our Newsletter has been a bit backlogged just becuase of the crazy … Continue reading

Posted in Rant | Leave a comment