Windows Mobile Fore...
 
Notifications
Clear all

Windows Mobile Forensics

6 Posts
4 Users
0 Likes
602 Views
(@forensicitderby)
Posts: 18
Active Member
Topic starter
 

Hi,

As part of our university research, we have been asked to look in to Windows Mobile OS forensics. Not Windows Phone.

Do any of you guys have any recommendation for tools to use to extract key information such as call logs, internet history and SMS?

Preferably free tools.

One of the issues is that whenever you Google Windows Mobile Forensics, a lot of the results are for the newer Windows Phone OS.

We have a BIN image.

Thanks in advance.

 
Posted : 25/03/2015 3:52 pm
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

You can use trial version Belkasoft http//belkasoft.com/get .

Analyzing Windows Phone 8.1 JTAG and UFED Dumps

 
Posted : 25/03/2015 5:25 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Hi,

As part of our university research, we have been asked to look in to Windows Mobile OS forensics. Not Windows Phone.

Please define better "Windows Mobile", there are several versions of it
http//en.wikipedia.org/wiki/Windows_Mobile
all of them being more or less a "re-brand" of "Windows CE", and usually the "Windows CE" structures (and related "Windows CE" info, also related to forensics, are interchangeable with "Windows Mobile").

You can draw an approximate line with dates of results found typically anything 2010 or earlier is related to "Windows Mobile" and anything after is related to "Windows Phone".

Here is something that may interest you (considering that something like 80% or so of all devices were HTC)
http//digital-forensics.sans.org/blog/2009/08/12/acquiring-data-from-windows-mobile-devices/

jaclaz

 
Posted : 25/03/2015 6:10 pm
(@forensicitderby)
Posts: 18
Active Member
Topic starter
 

Windows Mobile as in the successor to Windows CE, HTC devices. Pre Windows Phone. Runs on the old XDA/SPV/HTC phones.

 
Posted : 25/03/2015 9:30 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Windows Mobile as in the successor to Windows CE, HTC devices. Pre Windows Phone. Runs on the old XDA/SPV/HTC phones.

Yep ) , I only tried (if needed) to "narrow the scope" HTC devices are known to be running at least
Windows Mobile 6
Windows Mobile 6.1
Windows Mobile 6.5

though they are very similar, there may be between them differences that are relevant in a forensic view of a disk image
http//en.wikipedia.org/wiki/Windows_Mobile_6.1
http//en.wikipedia.org/wiki/Windows_Mobile_6.5

And it is not really a "successor" of Windows CE, as it is essentially Windows CE (version 5/5.2).

jaclaz

 
Posted : 25/03/2015 11:00 pm
(@paraben)
Posts: 47
Eminent Member
 

Device Seizure supports all the Windows Mobile versions. You can get a free 30 day license here https://www.paraben.com/challenge.php

 
Posted : 26/03/2015 12:37 am
Share: