Re: [Full-disclosure] Phone Forensics
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Phone Forensics
- From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
- Date: Tue, 06 Sep 2005 23:19:39 -0400
> Is it possible to do a forensic investigation on a telephone that stores
> caller ID information after the delete function has been invoked? In other words,
> if the user has deleted the incoming caller list is it possible to dump memory
> to see what's there?

Of course .. it just depends on how determined you are. If the device
stores the numbers in flash memory, then it's probably possible to read
out the contents of the device with a hardware reader and look at the
contents (it won't be encrypted).
If the device uses volatile memory it will be much more difficult (but
not technically impossible).

> Along this same line is it possible to gather any inbound caller ID
> information from a telco or another agency without a trace being initiated?

This is much easier. The telco stores your inbound/outbound call info
for months (forever?) .. All you need is a subpoena.

> Any advice you might have would be greatly appreciated.

If this is 'your' network (eg: phone connected to your company's
trunks), you might be able to just ask the telco for it (many provide
this info for inter-departmental billing). I'd start there.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/