Tag Archives: cellphone forensics

COM Envy

Posted on December 3, 2010 by Lee Reiber

Have you ever used a piece of software to conduct an examination on a mobile phone to find out that even if it is listed as supported an error occurs while trying to extract the data? What could be the … Continue reading

Posted in Training | Tagged , , , , , , , , , | Leave a comment

Yes I said it “Cellphone Forensics”

Posted on November 17, 2010 by Lee Reiber

As promised to all the examiners out there I say, “cellphone (mobile) forensics”. This roll comes early since we are in a wonderful holding pattern while deciding to land (I love winter). I thought I would just do another promised … Continue reading

Posted in Rant | Tagged , , , , , , , , | 1 Comment

Cellular Forensics

Posted on November 16, 2010 by Lee Reiber

Of course coming from the skies somewhere above the United States I am going to talk about the beginning of my quest in cellphone forensics and where we are today. And for those that cringe every time I say “forensics” … Continue reading

Posted in Rant | Tagged , , , , , , , , | 2 Comments

FTK 3.2 and cellphones

Posted on October 12, 2010 by Lee Reiber

A little bit of a layoff on the blog due to some crazy class schedules, but hey I am here again at 30,000 feet so what the heck. Lets talk about AccessData’s FTK.  I have been messing with AccessData’s new … Continue reading

Posted in Products | Tagged , , , , , , , , , , , | 4 Comments

Mobile Phone Examiner plus

Posted on September 3, 2010 by Lee Reiber

Another one of these from in the air. Was there not a movie about this? Anyway… We have been doing this for a while and have seen a few pieces of software come and a few go. Take for example: … Continue reading

Posted in Products | Tagged , , , , , , | Leave a comment

Mobile Forensics Inc 303 – Release Notes

Posted on September 3, 2010 by Lee Reiber

Another airblog for you. This time coming from 40,000 feet! Finally a new MFI on-site course! We ran this course in some private venues to seen how it went. To be honest we sorta feel like a band doing a … Continue reading

Posted in Training | Tagged , , , , , , , , , , , , , , , | Leave a comment

File 0000000000000001.db? If that’s a file where would you look?

Posted on August 31, 2010 by Lee Reiber

When processing an Apple device, check the files located in /private/var/mobile/Library WebKit/Databases. The Databases.db file is a SQLite Database file that contains a listing of databases.  This file can include (https) Google Mail and Yahoo Mail.  The corresponding file name … Continue reading

Posted in Rant | Tagged , , , , , , | 4 Comments

When is a picture more than just a picture?

Posted on August 13, 2010 by Lee Reiber

An iPhone 3G was received for analysis. The owner had reportedly taken video of an assault and subsequently deleted the video. The device was user jailbroken and had the “Cycorder” app installed. This app uses the onboard still camera with … Continue reading

Posted in Training | Tagged , , , , | 1 Comment

Dont Forget The Filesystem

Posted on August 12, 2010 by Lee Reiber

Lets talk about phones! Of course the first step should be ALWAYS to isolate the handset from the cellular network but most important step when EXAMING the cellular device. FILESYSTEM, FILESYSTEM, FILESYSTEM. Did I say filesystem. The filesystem, if available, … Continue reading

Posted in Training | Tagged , , , , | 2 Comments

MFI Training Series vol 1 -Process

Posted on August 6, 2010 by Lee Reiber

This blogging will be quite interesting and I think might help express the ideas and theories I always yell at students about in class (sorry students but passion is passion). I think I will start a series on process. Let’s … Continue reading

Posted in Training | Tagged , , , , | 3 Comments