±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 32922
New Yesterday: 6 Visitors: 153

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Nokia Lumia 634 RM974

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Nokia Lumia 634 RM974

Post Posted: Fri Oct 02, 2015 9:53 am

Morning All,

I'm manually examining a Lumia 634, going through some SMS on the device, which are pertinent to the investigation. However the SMS only show the date the message was received / Sent. There are no times displayed.

I have looked through display settings and 'googled' for an answer, but no luck.

Any idea how I can get SMS times to be displayed ?  

dandaman_24
Senior Member
 
 
  

Re: Nokia Lumia 634 RM974

Post Posted: Fri Oct 02, 2015 2:38 pm

Dandaman:

If you have consent from the phone owner, you may want to try to root the phone and then acquire data from the phone itself.

Steps and tools:

1) Root the phone using Chimera Tool (https://chimeratool.com/)

Your device is listed as a Nokia Lumia *635* RM-974 or RM-975. The Chimera Tool says it is a Beta version for your device, by the way.

2) Once rooted, use FTK Imager (www.accesdata.com) to create a .E01 "Physical" image of the device.

3) Mount the FTK Imager created forensic image file using FTK Imager or GetData's MountImagePro.

4) Use TestDisk (http://www.cgsecurity.org/wiki/TestDisk) to view and copy out folders and files from the mounted image file's partitions

5) Ingest the TestDisk exported files and folders into your preferred analysis tool (EnCase, Forensic Explorer, XWays) to identify SQLite database files. Analyze the SQLite database files to extract communications, including times and dates.

Regards,

Larry  

UnallocatedClusters
Senior Member
 
 
  

Re: Nokia Lumia 634 RM974

Post Posted: Fri Oct 02, 2015 7:58 pm

That seems to be a common theme among most of the Lumia models from a manual point of view anyway...

You could use eMMC In-System Programming (ISP) to create a binary image - I carried out this process yesterday on a 635 (RM-974) with success. You could then process the store.vol which contains the SMS incl. timestamps with your tool of choice to decode them e.g.: UFED PA or there's now an 'add-on' for Forensic Browser for SQLite, which allows processing of ESE databases.  

DCS1094
Senior Member
 
 
  

Re: Nokia Lumia 634 RM974

Post Posted: Sun Oct 04, 2015 4:20 am

Thanks for the info... I have ISP kit from Forensic Navigation ( which is in my other office) Do you have any schematics on this device your willing to point me to ? I know they're different models, just to get a feel of the board layout, hopefully they are laid out the same under the hood. PM me image / info if you want.

Unfortunately I don't have the Chimeratool in my armory, so this is out of the window for now.

Thanks
Dan  

dandaman_24
Senior Member
 
 
  

Re: Nokia Lumia 634 RM974

Post Posted: Wed Oct 14, 2015 3:55 pm

Hi Dan, the schematics for the 635 are in the CODED resources section on the forensic navigation website.  

andysayers
Member
 
 
  

Re: Nokia Lumia 634 RM974

Post Posted: Wed Oct 21, 2015 4:37 am

Hi Andy,

I've just seen your schematics for the handset, somewhat more detailed than the ATF box instructions.  

dandaman_24
Senior Member
 
 

Page 1 of 1