COM Envy

Have you ever used a piece of software to examine a mobile phone, only to find that an error occurs while trying to extract the data even though the phone is listed as supported? What could be the issue? There could be several causes, and I will go through a couple that just might solve the problem for you. These are covered in depth during our MFI 101 training course.

Do you have multiple software solutions running?

The communication that occurs between a device and the computer demands that a COM port be available to the software. If the phone is “attached” to one piece of software via this COM port and a second piece of software also tries to open the port, an error will occur indicating that communication cannot occur. I have termed this anomaly “COM envy”. Once the port has been opened by one piece of software, that software keeps an exclusive relationship with it until the software is closed, thus closing the port. So, one piece of software at a time.

Have you initiated and extracted data with one tool and then immediately tried to extract data with a second tool?

Cellphone tools switch phones into diagnostic mode in order to extract user data. If the tool does not properly release the device (most tools), the phone remains in this state. If the examiner then immediately attempts to use another tool while the phone is still in diagnostic mode from the prior extraction, a communication error occurs. To combat this, the examiner can simply “power cycle” the phone. To “power cycle” a device you must remove and then reinsert the battery. Simply pressing the power button will not suffice. If you do have to power cycle the phone, always take into consideration: Could the phone lock? If it did, can I bypass the lock? Did I photograph the screen? Will the phone still be off the network when restarting? Now that is not a full listing of course, but I am sure the picture was painted. One tool running at a time.

Do I have the proper port selected?

Mobile devices seldom utilize only one port when communicating with our forensic tools. The problem that arises is that some software auto-selects the port, and sometimes it is the incorrect port. If the examiner has the ability to select the port, the examiner should utilize the “Serial/Cable Port”. Now there are exceptions to this. For example, the Motorola W385 has both a modem and a serial port available for communication. Selecting the modem port, not the serial port, will allow the user data to be extracted. The serial port is generally the port to select first for extraction with CDMA devices, but of course there are exceptions. If only a modem is available, that is OK. The software will communicate on that port and place the phone into diagnostic mode via the modem port.

Select the “Serial/Cable Port” in the COM portion of the tool first to minimize communication and extraction failures.
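
A pre-flight check for both problems described above (a COM port already held by another tool, and telling the modem port from the serial port), added here as an example and not taken from the original post or from any forensic tool. It assumes Windows PowerShell 5.1 on the examination workstation; `Test-ComPort` is a hypothetical helper name.

```powershell
# Added example (assumption: Windows PowerShell 5.1 on the examination workstation).
# Lists every COM port, labels it Modem or Serial, and reports whether another
# program already holds it. The probe only opens and closes the port; it writes no data.

# Modem ports: Win32_POTSModem.AttachedTo names the COM port each modem sits on.
$modems = @{}
Get-CimInstance -ClassName Win32_POTSModem -ErrorAction SilentlyContinue |
    Where-Object { $_.AttachedTo } |
    ForEach-Object { $modems[$_.AttachedTo.ToUpper()] = $_.Name }

# Hypothetical helper: returns 'Free', 'InUse or access denied', or an error text.
function Test-ComPort {
    param([Parameter(Mandatory)][string]$PortName)
    $port = New-Object System.IO.Ports.SerialPort $PortName
    try {
        $port.Open()
        return 'Free'
    }
    catch {
        # .NET raises UnauthorizedAccessException when another process has the port open.
        $cause = $_.Exception.GetBaseException()
        if ($cause -is [System.UnauthorizedAccessException]) { return 'InUse or access denied' }
        return "Error: $($cause.Message)"
    }
    finally {
        if ($port.IsOpen) { $port.Close() }
        $port.Dispose()
    }
}

# Union of registered serial ports and modem-attached ports, de-duplicated.
$names = @([System.IO.Ports.SerialPort]::GetPortNames()) + @($modems.Keys) |
    ForEach-Object { $_.ToUpper() } | Sort-Object -Unique

$names | ForEach-Object {
    [pscustomobject]@{
        Port   = $_
        Type   = if ($modems.ContainsKey($_)) { 'Modem' } else { 'Serial' }
        Device = $modems[$_]
        State  = Test-ComPort -PortName $_
    }
} | Format-Table -AutoSize
```

Run it with every extraction tool closed; any port that still reports as in use is held by a program that has not released it.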

I hope a couple of these might help you with communication issues should they be encountered.

Lee Reiber

About Lee Reiber

Pioneering mobile device forensic examiner, consultant and trainer, software development innovator and former LE officer with the Boise Police Department