Forensics on Palm Devices

From: Riney, Jonathan S. (jsrineyat_private)
Date: Thu Jun 14 2001 - 11:47:46 PDT

Next message: dcdave: "Re: Forensics on Palm Devices"

Previous message: Jay D. Dyson: "Re: Possible Intrusion?"
Next in thread: dcdave: "Re: Forensics on Palm Devices"
Reply: dcdave: "Re: Forensics on Palm Devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm looking for any information (best practices, tools used, etc.) on
performing forensic reviews of handheld type devices (Palm Inc, Handspring,
iPAQ...).  

What are considering is syncing these devices to a workstation with a virgin
OS and performing the review on this hard disk.  Upon completion of the
review, we plan on wiping the drive (provided it does not contain any data
we are looking for) and then re-installing the OS for the next review.  

There are a lot of problems we need to iron out with this process...a couple
of which are ensuring we preserve the evidence on the handheld, as well as
the fact we are missing any data that may be resident in unallocated areas
of the device (since the sync will only update active files thus missing any
deleted files on the device).

Any help would be greatly appreciated!

Scott Riney
Logicon/TASC

Next message: dcdave: "Re: Forensics on Palm Devices"
Previous message: Jay D. Dyson: "Re: Possible Intrusion?"
Next in thread: dcdave: "Re: Forensics on Palm Devices"
Reply: dcdave: "Re: Forensics on Palm Devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 17:27:57 PDT