Disclaimer, I have not used it, but saw a demo and Amber the owner (I think) has been in the forensics biz forever. http://www.paraben.com/html/pda/index.html Warren G. Kruse II Investigations Manager Cyber Investigations and Forensic Analysis - Team Lead 732-949-8713 732-332-6300 (FAX) wgkruseat_private This electronic mail message contains information belonging to Lucent Technologies which may be confidential and/or legal privileged. The information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, printing, copying, distribution, or the taking of any action in reliance on the contents of this electronically mailed information is strictly prohibited. If you receive this message in error, please immediately notify us by electronic mail and delete this message. -----Original Message----- From: Craig Earnshaw [mailto:Craig.Earnshawat_private] Sent: Tuesday, October 02, 2001 7:43 AM To: Shue David R Contr AFRL/IFGB; forensicsat_private Subject: Re: Forensics on Palm Devices David: This is an area in which I have been doing some research myself in recent months. I must admit that I've primarily been focusing on Palm and Psion devices as they are the ones that we come across on a regualr basis (I think that I've only ever dealt with one case involving a CE based machine). The best utilities that I've come across are UNIX based, and enable complete images of Palm devices to be extracted (from both password protected and 'open' machines). There is also an excellent emulator which recognises the file structure etc from the image. Also, as you have an image you are able to examine the data in slack and free space etc on the Palm. I'm out of the office at the moment, but when I get back I'll mail you the details of the two applications that I've been looking into, both in terms of their forensic soundness and their usability. Unfortunately I can't realy help in relation to CE devices though. All the best Craig Earnshaw Lee & Allen Forensic Computing Services Shue David R Contr AFRL/IFGB wrote: > Hello, > I stumbled upon this address doing research. I am looking for Palm > information(specifically Windows CE and Palm)to get a better understanding > of the forensic part of them. I am looking for directory structure, and > what makes them work internally. Dealing with their storage mediums, slack > space, and pretty much anything forensic wise dealing with their memory > storage. If you could direct or help me in any way that would be much > appreciated. Thanks for your time. > > David > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 06:14:03 PDT