SD Card Recovery
Many phones use a Mini SD card for expanded memory. Cameras and camcorders also use expanded memory slots. Devices save data to either an internal memory or to the external memory card, sometimes both.
Data recovery from an memory card can be as simple as removing the memory card from the device, putting it in a card reader attached to your computer, and running a file recovery program.
Many computers these days have a built in card reader. If your computer doesn't have a card reader, you can purchase a USB card reader almost anywhere for $5-$20 or so. Here are a few places where you can order online.
Data recovery from an memory card can be as simple as removing the memory card from the device, putting it in a card reader attached to your computer, and running a file recovery program.
Memory Card Readers
Many computers these days have a built in card reader. If your computer doesn't have a card reader, you can purchase a USB card reader almost anywhere for $5-$20 or so. Here are a few places where you can order online.
File Recovery Software
The good people at CNet's Download.com have quite a few file recovery tools. However, there are some that aren't free. Limited trials may allow one to view the thumbnails of recovered images but the full licensed product is required for retrieval. The geek-elite at Lifehacker have provided their own guide for the best file recovery software. I highly recommend reading through their article before proceeding in your file recovery efforts.The following software has been recommended by BSC blog readers:
- UndeleteMyFiles - Free
- Recuva - Free
- MiniTool Power Data Recovery - 1GB recovered free then $65 for a license
Other Uses for File Recovery Software
One benefit of the file recovery software is that it can be run on several types of devices. Make sure to check the memory cards of all of you mobile phones, cameras, camcorders, GPS devices, video game consoles, etc... A second use for the software is that it can be run on hard drives of computers and laptops. The recovery software is a versatile information gathering tool.Trouble Ahead: Internal Memory
The hard part of data recovery from devices comes from the internal memory of the device. The big culprits here are the Apple iDevices and the Blackberry. Apple prevents the use of external memory in its iPhone and iPad devices by not supporting physical slots for memory expansion. Some Blackberries default to using internal memory. The Blackberry Curve series will only use the external memory slots for message storage, photo storage, contact storage if the user modifies the default settings in the menu. In most cellphones some data is even stored on the SIM card, but Blackberry doesn't even do that.Big Trouble
Even forensic professionals have a difficult time reaching into internal memory on mobile devices. It's a complex problem with lots of layers.In the first layer you have firmware. This is the basic operating software on the phone that boots it up. Not only does each manufacturer have their own firmware on the device but each model of device can have a different firmware as well.
The next layer is the operating system. The main contenders in operating system are Apple and Google. Apple is notorious for closed systems and actively prevents the open source community from developing utilities that would have helped our purposes. Google's Android is much more open and has more development community involvement. There may be some applications out there on the net which would help recover data.
The third layer is a twist on the second. Jailbreaking the iOS or Android operating system adds a further wrinkle. The Cydia jailbreak adds a new app store for the iOS system where third-party developers can sell software. As with any operating system modification, apps designed for the original configuration may or may not work on the jailbroken device. Additionally, apps added after the jailbreak may modify how data is stored or can be retrieved.
The icing on the crap-cake is that special equipment and decoding software may be needed. For my outdated early-2000's Blackberry, the kit would have been ridiculously expensive. For those of you with deep pockets, there's a list of links below.
If anyone out there knows about a good tool set for Android, Blackberry and iOS... Please share!
What can you do?
There are cellphone reading kits that police and professional private investigators use to access the internal memory of the device. These kits are ungodly expensive. My recommendation is to seek professional help if you absolutely need to see the internal memory on a device. Contact a private investigator in your area, ask your lawyer for a referral, check out the firm's reputation, see if they outsource the forensic work and check the reputation of the lab. Be prepared to pay - I was charged $750 for one phone.Also, be prepared to get zippo off the device. That's right... I spent $750 for "no data" because the lab couldn't read internal memory off the phone (not the SIM or expansion memory - the internal data store). The lab had a good reputation and updated equipment. They just were not able to read the internal data. Luckily, they refunded my payment. Contractually they didn't have to refund anything so I do feel very lucky indeed.
Professional Tools:
- CelleBrite UFED
- Logicube CellXTract
- Paraben Device Seizure the only company advertising price, their cheapest kit is $1,750
- Micro Systemation XRY
- Susteen Secure View
Cell Phone Records
Don't forget to log into the online account for mobile phones. I used this access to download a couple of years worth of calls and text message records. The data is simple; date, time, number, duration, placed/received call, sent/received text, and sent/received mms.You should look for a pattern. For example- your wayward spouse has been calling and texting a suspicious number every day for months and then has a few days with little or no texts or calls. If this aberration occurs at the same time your spouse was away on a business trip, visiting family, working over the weekend, etc. I think you have some very strong evidence for a rendezvous.
Spoofing a Cloud
I have been researching a new approach for forensics. This is based on the distributed memory principle of cloud computing. For example; Apple's iOS for iPad and iPhone is utilizing a 'live backup' to their iCloud service which basically runs a backup of apps, contacts, and data through the internet connection of the device. Somewhere, out in the net, is an encrypted copy of all of the device data. I'm looking into how one could access this information -- so stay tuned.--- DNS
No comments:
Post a Comment