Embed Size (px)
DESCRIPTION
"There has been recent interest in computer forensics capabilities when it comes to Windows Phone based mobile devices. Here we answer the most commonly raised questions. , for more information visit www.cclgroupltd.com"
Citation preview
Mobile Phone Forensics: Windows Devices
There has been recent interest in computer forensics capabilities when it comes to Windows Phone based mobile devices. Here we answer the most commonly
raised questions.
Can you perform an extraction of a particular model?
In the nearly four years since the launch of Windows Phone 7, the range of models which our analysts have had the opportunity to encounter has been fairly
limited; this is perhaps a reflection of the difficulty that Microsoft has had to promote its platform. Therefore, what follows is only a list of models which we have
successfully examined in the last couple of years, certainly not an exhaustive list of all the devices which we might be able to support.
Windows Phone 7:
Nokia Lumia 610
Nokia Lumia 800
Windows Phone 8:
HTC 8S
HTC 8X
Nokia Lumia 520
Nokia Lumia 620
Nokia Lumia 920
Nokia Lumia 925
Can you extract contacts, calls, SMS, MMS, emails and calendar entries?
All of the above and much more can be extracted from Windows Phone 8.
Having successfully reverse-engineered many of the internal data structures of this operating system, we developed a program to quickly extract and present these
artefacts. MMS, IM and email reports shall include metadata, full content and links to all associated attachments.
How about Windows Phone 7?
Windows Phone 7 is another kettle of fish: different kernel (CE), different file system (exFAT), different database file formats, but there are some similarities. Our
phone examiner tool does not currently support Windows Phone 7, but we can still extract a lot of data such as SMS messages and internet artefacts. Please contact
us if you would like to discuss any particular details.
Can you recover data from a certain popular application?
Almost certainly. There is a growing repository of internally developed tools to deal with popular third-party applications, including instant messaging software
and social networking clients such as Face book, WhatsApp, Skype, Kik Messenger and many others, from Windows Phone 7 and 8.
Are you able to disable or bypass security codes?
Because we perform a physical-level acquisition of the supported devices, we are able to acquire data bypassing the standard lock screen mechanism. The lock is
not removed from the device.
For more information on mobile phone forensics, digital forensics, or CCL’s other products and services, call us on 01789 261200, email [email protected]
or check out http://www.cclgroupltd.com/digital-forensics/law-enforcement/mobile-phone-forensics/
UK’s leading supplier of electronic disclosure and digital forensics consultancy, including: computer forensics, mobile phone forensics and digital investigation
services.
Home About Partners News Publications Contact
