Showing posts with label mobile. Show all posts

Monday, December 17, 2012

Easily Recover Files from Phone or Tablets

The quickest and easiest way to check your hunch that your spouse is cheating is to investigate their mobile devices. Full data recovery from a phone or tablet is difficult but there are some methods which you can do yourself at home with little cost or technical expertise.

SD Card Recovery

Many phones use a Mini SD card for expanded memory. Cameras and camcorders also use expanded memory slots. Devices save data to either an internal memory or to the external memory card, sometimes both.

Data recovery from a memory card can be as simple as removing the memory card from the device, putting it in a card reader attached to your computer, and running a file recovery program.

Memory Card Readers


Many computers these days have a built-in card reader. If your computer doesn't have a card reader, you can purchase a USB card reader almost anywhere for $5-$20 or so. Here are a few places where you can order online

File Recovery Software

The good people at CNet's Download.com have quite a few file recovery tools. However, there are some that aren't free. Limited trials may allow one to view the thumbnails of recovered images but the full licensed product is required for retrieval. The geek-elite at Lifehacker have provided their own guide for the best file recovery software. I highly recommend reading through their article before proceeding in your file recovery efforts.

The following software has been recommended by BSC blog readers:

Other Uses for File Recovery Software

One benefit of file recovery software is that it can be run on several types of devices. Make sure to check the memory cards of all of your mobile phones, cameras, camcorders, GPS devices, video game consoles, etc. A second use for the software is that it can be run on the hard drives of computers and laptops. The recovery software is a versatile information gathering tool.


Trouble Ahead: Internal Memory

The hard part of data recovery from devices comes from the internal memory of the device. The big culprits here are the Apple iDevices and the Blackberry. Apple prevents the use of external memory in its iPhone and iPad devices by not supporting physical slots for memory expansion. Some Blackberries default to using internal memory. The Blackberry Curve series will only use the external memory slots for message storage, photo storage, and contact storage if the user modifies the default settings in the menu. In most cellphones some data is even stored on the SIM card, but Blackberry doesn't even do that.

Big Trouble

Even forensic professionals have a difficult time reaching into internal memory on mobile devices. It's a complex problem with lots of layers.

In the first layer you have firmware. This is the basic operating software on the phone that boots it up. Not only does each manufacturer have their own firmware on the device but each model of device can have a different firmware as well.

The next layer is the operating system. The main contenders in operating systems are Apple and Google. Apple is notorious for closed systems and actively prevents the open source community from developing utilities that would have helped our purposes. Google's Android is much more open and has more development community involvement. There may be some applications out there on the net which would help recover data.

The third layer is a twist on the second. Jailbreaking the iOS or Android operating system adds a further wrinkle. The Cydia jailbreak adds a new app store for the iOS system where third-party developers can sell software. As with any operating system modification, apps designed for the original configuration may or may not work on the jailbroken device. Additionally, apps added after the jailbreak may modify how data is stored or can be retrieved.

The icing on the crap-cake is that special equipment and decoding software may be needed. For my outdated early-2000s Blackberry, the kit would have been ridiculously expensive. For those of you with deep pockets, there's a list of links below.

If anyone out there knows about a good tool set for Android, Blackberry and iOS... Please share!

What can you do?

There are cellphone reading kits that police and professional private investigators use to access the internal memory of the device. These kits are ungodly expensive. My recommendation is to seek professional help if you absolutely need to see the internal memory on a device. Contact a private investigator in your area, ask your lawyer for a referral, check out the firm's reputation, see if they outsource the forensic work and check the reputation of the lab. Be prepared to pay - I was charged $750 for one phone.

Also, be prepared to get zippo off the device. That's right... I spent $750 for "no data" because the lab couldn't read internal memory off the phone (not the SIM or expansion memory - the internal data store). The lab had a good reputation and updated equipment. They just were not able to read the internal data. Luckily, they refunded my payment. Contractually they didn't have to refund anything so I do feel very lucky indeed.

Professional Tools:


Cell Phone Records

Don't forget to log into the online account for mobile phones. I used this access to download a couple of years' worth of calls and text message records. The data is simple: date, time, number, duration, placed/received call, sent/received text, and sent/received MMS.

You should look for a pattern. For example, your wayward spouse has been calling and texting a suspicious number every day for months and then has a few days with little or no texts or calls. If this aberration occurs at the same time your spouse was away on a business trip, visiting family, working over the weekend, etc., I think you have some very strong evidence for a rendezvous.


Spoofing a Cloud

I have been researching a new approach for forensics. This is based on the distributed memory principle of cloud computing. For example, Apple's iOS for iPad and iPhone is utilizing a 'live backup' to their iCloud service which basically runs a backup of apps, contacts, and data through the internet connection of the device. Somewhere, out in the net, is an encrypted copy of all of the device data. I'm looking into how one could access this information -- so stay tuned.

--- DNS

Thursday, August 9, 2012

Spyware, An Introduction

There's an old saying that being paranoid doesn't mean that they aren't out to get you... In our case, being paranoid doesn't mean your spouse isn't being unfaithful. The uncertainty and dread of the unthinkable happening is maddening. Many people turn to spyware to find evidence. I will recount my experiences here with some popular software.


Morality and Legality


Without question, it is immoral to invade another person's privacy. In fact, it is illegal. What I'm writing in this post is a review of products and not an endorsement. I don't want to influence you in your decisions - you are responsible for your own actions and their consequences. My post is merely a discussion of popular software and hardware and their benefits and restrictions.

Spyware

Spyware is classified as any software used to capture data without the primary user's consent and/or knowledge. There are several general types of spyware: key loggers, parental/employee monitoring, network packet inspection, and "professional" software.

Nota Bene! 

Installing Spyware

Everyone has a virus scanner and spyware protection software package these days, as well they should. So, how do you install spyware without it being instantly removed? The answer is to modify the security program to create an exception, or blind-spot, for the spyware you install. Prior to installation, you need to create these exceptions in the security software's settings. The software you decide to use will likely have detailed instructions on how to create exceptions. 

The big risk to installing any spyware is that the user may be savvy enough to review their security software settings, do a clean re-install of their security software, or download a new security software package entirely. If the user does this, the exceptions you created will be lost and the user will be alerted to the presence of the spyware.
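Seen from the monitored user's side, that exception list is the first place to look. The following is an added example, not part of the original post, and it assumes Microsoft Defender is the security product in use (other products keep their exclusion lists in their own settings); it lists every configured exclusion and shows whether each excluded path exists, is hidden, and when it was last modified.

```powershell
# Added example: audit Microsoft Defender exclusions. Run in an elevated PowerShell.
# Assumption: Microsoft Defender is the active security product.
$pref = Get-MpPreference

# Collect path, process and extension exclusions into one list.
$entries = @()
foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$kind)) {
        if ($value) {
            $entries += [pscustomobject]@{ Kind = $kind; Value = $value }
        }
    }
}

if (-not $entries) {
    Write-Output 'No Defender exclusions are configured.'
    return
}

# Without administrator rights the values can come back as an "N/A" placeholder.
if ($entries.Value -match '^N/A') {
    Write-Warning 'Exclusions are hidden from non-administrators; re-run elevated.'
    return
}

# For path and process exclusions, look at what is actually on disk.
$report = foreach ($e in $entries) {
    $item = $null
    if ($e.Kind -ne 'ExclusionExtension') {
        # -Force lets Get-Item return hidden and system items.
        $item = Get-Item -LiteralPath $e.Value -Force -ErrorAction SilentlyContinue
    }
    [pscustomobject]@{
        Kind     = $e.Kind
        Value    = $e.Value
        Exists   = [bool]$item
        Hidden   = [bool]($item -and ($item.Attributes -band [IO.FileAttributes]::Hidden))
        Modified = if ($item) { $item.LastWriteTime } else { $null }
    }
}

$report | Sort-Object Kind, Value | Format-Table -AutoSize
```

Any exclusion the owner of the machine did not create, especially one pointing at a hidden directory, deserves a closer look.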

Key Logger


A key logger is a program that is used to track which keys are struck while the computer is in use. There are many variations on the basic key logger program. Most of the free programs will track the basic keystrokes and save the data to a hidden directory on the computer for later retrieval. More advanced programs will capture additional data, such as programs in use, screenshots, etc.

Parental/Employee Monitoring


All spyware is distributed or sold to "monitor the computer use of children/employees". As such, parental monitoring software has many spyware features built-in. The features generally include a key logger, a website filter, instant messaging capture, webcam locks, and others. The website filters can often be configured to track, not block, web use. Some monitoring software offers real-time notification of specific events, such as visiting an adult website, sending an instant message, computer use during prohibited hours, etc.

There are some software packages which can do an IP lookup and provide a generalized location for the computer. Note that the lookup here isn't very precise and is based on the assigned IP address of the machine. Proxy servers, onion routers, and other actions that impact the domain name server (DNS) assignment of IP addresses can mess with its accuracy.

It is important to note that most parental/employee monitoring software has a splash screen, notification tray icon or other visual cue to alert the user to its presence. You will need to find a solution that meets your needs. If you are negotiating a reconciliation with a wayward spouse, asking them to install a monitoring software on their computer may be one of your conditions.

Network Packet Inspection


This is, by far, the nerdiest of the geekery on this post. Here's an article or two to get you familiar with packets and networking.

In general, networks operate by sending packets of data back and forth. Each packet has a header which tells your router (the traffic cop of your home network) where each should go and in what order. Once packets are received by the destination machine they are decoded and transmuted into data.

Network packet inspection software allows you to monitor these packets. It is also referred to as a "packet sniffer" because it intercepts and decodes each packet sent over the network and presents you with raw data. These are essential and valuable network admin tools. As powerful as these tools are, I found many very cumbersome to use and far too technical for a casual user. My experience has primarily been with Wireshark, Ethereal and WinPcap.

"Professional" Software


For those of us who need a solution that ameliorates the need to have physical access to the computer to download keystrokes, the "professional" software fits the bill. The main operator in the arena is Spectorsoft. I have experience with their product line; eBlaster, SpectorPro, eBlaster Mobile. In my opinion, they have excellent customer service and are very responsive. I've only had to wait an hour most of the time I sent an *email* inquiry to their team.

eBlaster


The features worth mentioning in the eBlaster software are as follows:
  • Sends email reports on a user-defined schedule
  • Reports contain keystrokes, program use, files transferred or printed, IM activity
  • Keywords can be set to send an immediate email report containing the keyword, program use and a screenshot of the computer at the time it was detected
  • Remote control panel once installed allows user to adjust what's monitored, how frequent the reports are sent, set keywords, set websites to block, and allow customization of the emailed reports to give a "friendly" subject, sender, etc.
  • Forwards emails sent from the computer to an account you select.
Some cons to using the software I learned the hard way:
  • The application doesn't support non-major browsers. If your subject uses Opera, Chrome, Iron, RockMelt, etc. much of the beneficial tracking info is lost. You still get the keystrokes logged but the output can be randomly mixed, confusing and lack association with the appropriate webpage or webapp (think of Skype integration in Facebook through the RockMelt browser as an example).
  • The frequency and quality of screenshots is limited by Spectorsoft. However, if you utilize your own Gmail account as the SMTP server to send the screenshots this can be circumvented.
  • Video streams and audio streams are not captured. Voice/video calls through Skype do not capture the audio or video component. If you're lucky your subject might type a keyword so you can get a screenshot.

SpectorPro


SpectorPro is a software program much like eBlaster. The following are the main differences:
  • SpectorPro won't send you email reports. It spools them to a hidden directory on the subject machine. You will need to access the computer to get to them. The software does allow the user to set up a network path where these files can be accessed remotely.
  • SpectorPro records computer use like a video recording. You can playback the files and see exactly what was being displayed on screen during the time the subject was using the computer.
  • SpectorPro doesn't record audio. A pure voice call on Skype or any other VoIP app wouldn't provide much more detail than seeing the call being made/accepted.

eBlaster Mobile


In my opinion, eBlaster Mobile is where Spectorsoft falls down. First the features:
  • Sends periodic email reports.
  • Logs calls made, missed and received with time and duration. Looks up the caller in the user's contact book to provide a name with the number.
  • Logs website pages loaded (big caveat here, read on for its limitation).
  • Logs SMS and MMS sent and received with contact information.
  • Sends a thumbnail of a photo or video taken with the phone with geo-tagging and time the picture was taken.
  • Looks up GPS location and resolves to a street location at a set schedule
  • Allows a geo-fence to be set up which provides alerts when it has been entered or exited. 
  • Remote dashboard to set and manage delivery settings
  • "Friendly" names for sender of reports, subject, etc.
Limitations:
  • The eBlaster Mobile app won't track any websites visited outside of the native Android browser. Any use of a browser outside of the crappy one the Android was packaged with circumvents eBlaster Mobile entirely.
  • The eBlaster Mobile app won't track app usage. You won't know if your kid plays Angry Birds all day in that expensive private school you're sending him to, or if your spouse uses the Skype app for calls/video chat, uses Google Talk, uses Google Voice, Meebo, WhatsApp, and on and on... All of the apps are invisible to eBlaster Mobile.
  • The geo-location feature that provides the location of the phone at set intervals is a battery-burner. As an example, the phone I use has a 1.5 day battery life. Using a 2-hour lookup for location during normal use reduces that to about 6 hours.
  • It was pretty convoluted to set up. It required I jail-break my phone (more a limitation set by my service provider) prior to set-up.

The Final Word


Find software that works for you. I found the email reports provided by Spectorsoft extremely useful and worth the cost and limitations. I just wish they had a more comprehensive mobile offering.


Hardware


There is hardware available for snooping, the most useful being mini-GPS units, spy cameras, and voice recorders (bugs). I have found most of my needs resolved through software but there are hardware options out there.

The Mini-GPS


The Garmin GTU 10 is a mini-GPS unit that's about 3 inches by 1 inch by 1 inch and is fairly expensive. The signal is strong enough to transmit through the body panels of most cars. It sends an email report of its location and Garmin provides an online dashboard to view locations and modify settings.

It has a handy geo-fencing feature which allows you to set it to sleep inside a location. For example, you can have it report hourly and set a geo-fence around your home so that it wakes up once it leaves. The GTU 10 can switch to continuous tracking which reports every 30 seconds or so - in real time.

Spy Cameras


Admittedly, I do not have much experience with different types of spy cameras. There is a dizzying array of options and prices. Many are wireless, motion activated and record to a DVR or computer. The small design of modern cameras allows them to be placed almost anywhere. I ran into a major stumbling block when considering the areas I'd want to monitor and the possible locations for a spy cam. I couldn't reconcile where to place it that wasn't in the direct line of sight of my subject and I quickly abandoned the idea.

Audio Recorders


The old "bug". An audio recorder is a discreet method of documenting what is going on when you are not present. The trick is to find a portable, battery friendly device with lots of memory that your subject will likely always be near. One popular choice is a voice-activated recorder made to resemble a key fob. Granted your spouse may be suspicious when you get her a new key fob for no real reason, so it is up to your ability to bullshit your way through it.

Summary

The only thing worse than knowing is not knowing. However, as I always recommend, talk out your problems first. Using these devices and programs in a manner which compromises anyone's privacy is immoral and illegal. It will also break any threads of trust your spouse may have for you and may lead to an inevitable conclusion of divorce. I doubt any of us would be considering these technologies if we didn't have a very solid suspicion but do consider this before hopping down the rabbit hole - what if you are wrong?

-- DNS