// archives

Forensics

RSS feed for this section
This category contains 8 posts

Puttering around with BlackBerry forensics — Part 2

By September 30, 2011 Post a comment

Okay then. It apparently takes me a while between posts. I’ve been keeping a bit busy with several projects and it has been difficult to find the time to conduct much research or write blog posts. I do have an upcoming white-paper that I will release somewhere in November. It includes source code to the toolkit that [...]

Puttering around with BlackBerry forensics — Part 1

By July 22, 2011 7 comments

 I’m guilty of sitting on source code which I should have released a long time ago.  I make excuses to myself that I didn’t release any of it because I was waiting for someone to come along and prove to me that there was a better way of doing things.  I guess the bottom line [...]

Recover Deleted Data from SQLite Databases

By November 29, 2010 2 comments

Recovering data from an SQLite database has many uses.  Why you ask? One main reason is that SQLite has increased in popularity to epic proportions.  It is the most ideal candidate for use in a resource constrained environment.  Like where you ask?  The industry most benefiting from SQLite at the moment is the mobile phone [...]

You want the BlackBerry Event Log? beg damnit!

By July 1, 2010 5 comments

It’s been quite a while since my last post.  I’ve been a bit on the busy side with work, family and a bit of research.  Inspired by a friend and fellow researcher – Cst. Shafik Punja, I decided to look deeper into BlackBerry connectivity via USB.  If I succeeded at understanding this topic, I would [...]

BlackBerry Hidden Program Revealer v0.1

By July 17, 2009 29 comments

Okay, for real this time.  Continuing from my previous post, I’ve got version 0.1 of the HiddenProgs app available for download.  Grab your copy here.  The way I installed it was to just navigate to the link using my Bold.  By downloading the program, you’re acknowledging you’ve read and understood the disclaimer below. Description The [...]

Etisalat BlackBerry Spyware Revealer

By July 16, 2009 5 comments

I wrote a spyware busting tool for the Etisalat Spyware that was recently installed on BlackBerries across the UAE. I am waiting to get my Code Signing Keys sorted from RIM before I can release it publicly. Mail me for the source.

Memory Card Forensics

By June 19, 2007 Post a comment

So I’m looking into forensics and I remember reading about how some guys would buy used hard drives belonging to hospitals or banks and do some recovery on the data and come up with some interesting stuff and I think, why not try it on Memory Cards? Sure, it’s not an original idea, but a [...]

Installing CarvFS on Ubuntu 7.04

By June 18, 2007 3 comments

In place carving can save you a fair amount of space. There was a paper written about it and the Dutch National Police Agency also wrote a tool called CarvFS that does exactly this. What CarvFS allows you to do is mount an EWF image or raw ‘dd’ image and reference blocks of data by [...]