Re: Forensics on Palm Devices

From: Craig Earnshaw (Craig.Earnshawat_private)
Date: Tue Oct 02 2001 - 04:43:25 PDT

    David:
    
    This is an area in which I have been doing some research myself in recent
    months.
    
    I must admit that I've primarily been focusing on Palm and Psion devices as
    they are the ones that we come across on a regular basis (I think that I've
    only ever dealt with one case involving a CE based machine).
    
    The best utilities that I've come across are UNIX based, and enable complete
    images of Palm devices to be extracted (from both password protected and 'open'
    machines).  There is also an excellent emulator which recognises the file
    structure etc from the image.  Also, as you have an image you are able to
    examine the data in slack and free space etc on the Palm.  I'm out of the
    office at the moment, but when I get back I'll mail you the details of the two
    applications that I've been looking into, both in terms of their forensic
    soundness and their usability.
    
    Unfortunately I can't really help in relation to CE devices though.
    
    All the best
    
    Craig Earnshaw
    Lee & Allen Forensic Computing Services
    
    Shue David R Contr AFRL/IFGB wrote:
    
    > Hello,
    > I stumbled upon this address doing research. I am looking for Palm
    > information (specifically Windows CE and Palm) to get a better understanding
    > of the forensic part of them.  I am looking for directory structure, and
    > what makes them work internally.  Dealing with their storage mediums, slack
    > space, and pretty much anything forensic wise dealing with their memory
    > storage.  If you could direct or help me in any way that would be much
    > appreciated.  Thanks for your time.
    >
    > David
    >
    > -----------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    
    
    



    This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 05:01:30 PDT