SANS Digital Forensics and Incident Response Blog: Author - craigswright

Hex Dumping Flash From a Mobile

Most mobile phone manufacturers sell or provide tools allowing for the management of data. There are some exceptions with the very low cost devices. The problem that arises is that few of these tools are forensically sound. Hence the need for an alternative, hex dumps from a flasher.

Model: UN-0412100 Flasher by Twister

A Hex dump of the device is a physical acquisition of the device's memory. In the majority of devices available this will necessitate the use of a "flasher" or "twister" device. These are specialist support tools that are designed for the repair and servicing of mobile devices. The benefit to the


Why Mobile Device Forensics is the new "Killer" field

I have just completed work on a forensics chapter of a book on mobile malicious code (MMC). What researching this topic has made me do is to think just how many things that an attacker can do with a mobile phone. In this post I am going to address just three of the many reasons why it is important to ensure that these devices are not overlooked in forensic examinations.

Using a Mobile to Locate and Track People

A number of services already exist that can locate a mobile phone. These services are nowhere near as accurate as a GPS (which is now being included in phones), but they allow for a parent to monitor where their children go or a spouse to monitor their wayward partner. SIM based tracking can target a phone to within 500 meters. In a phone with an integrated GPS (such as some iPhones) the accuracy can be as good as within 5 meters.