Mobile Phone Forensics: Windows Devices
There has been recent interest in computer forensics capabilities for Windows Phone-based mobile devices. Here we answer the most commonly raised questions.
Can you perform an extraction of a particular model?
In the nearly four years since the launch of Windows Phone 7, the range of models which our analysts have had the opportunity to encounter has been fairly limited; this is perhaps a reflection of the difficulty that Microsoft has had in promoting its platform. Therefore, what follows is only a list of models which we have successfully examined in the last couple of years, and certainly not an exhaustive list of all the devices which we might be able to support.
Windows Phone 7:
• Nokia Lumia 610
• Nokia Lumia 800
Windows Phone 8:
• HTC 8S
• HTC 8X
• Nokia Lumia 520
• Nokia Lumia 620
• Nokia Lumia 920
• Nokia Lumia 925
Can you extract contacts, calls, SMS, MMS, emails and calendar entries?
All of the above and much more can be extracted from Windows Phone 8.
Having successfully reverse-engineered many of the internal data structures of this operating system, we developed a program to quickly extract and present these artefacts. MMS, IM and email reports shall include metadata, full content and links to all associated attachments.
How about Windows Phone 7?
Windows Phone 7 is another kettle of fish: different kernel (CE), different file system (exFAT), different database file formats, but there are some similarities. Our phone examiner tool does not currently support Windows Phone 7, but we can still extract a lot of data such as SMS messages and internet artefacts. Please contact us if you would like to discuss any particular details.
Can you recover data from a certain popular application?
Almost certainly. There is a growing repository of internally developed tools to deal with popular third-party applications, including instant messaging software and social networking clients such as Facebook, WhatsApp, Skype, Kik Messenger and many others, from Windows Phone 7 and 8.
Are you able to disable or bypass security codes?
Because we perform a physical-level acquisition of the supported devices, we are able to acquire data bypassing the standard lock screen mechanism. The lock is not removed from the device.
For more information on mobile phone forensics, digital forensics, or CCL’s other products and services, call us on 01789 261200, email email@example.com or check out http://www.cclgroupltd.com/digital-forensics/law-enforcement/mobile-phone-forensics/
Author is an e-disclosure specialist at CCL Group, the UK’s leading supplier of electronic disclosure and digital forensics consultancy, including computer forensics, mobile phone forensics and computer digital investigation services. For more information, visit www.cclgroupltd.com