by ErrantX 5531 days ago
At least some phones running Google's Android OS

Android is a dream for someone like me (forensic analyst). It is easy to get data off, and is chock full of all sorts of cached information. iPhone is more difficult, and can sometimes be very hit and miss in what you can get off it.

I've used pretty much all of the tools listed on that page, and none are as magical as they claim. One of the best is .XRY, which is my preference because for a lot of phones you can use it to extract a raw memory dump and analyse it more carefully/deeply.

The key thing to know here is that all phones cache location information like this in some form. Older phones used to only cache a little bit, but usually enough to recover some previous cell sites. Modern phones, with more location features, more memory and more advanced OSes, just store more of this information.

IMO it's not so much that LE have been keeping it deliberately quiet. I mean, I for one figured it was fairly obvious. The story here is, IMO, it being sent back to Apple/Google etc. Not that the data is cached.

2 comments

Somewhat unrelated - but who do forensic analysts work for, and what do they look for? Are they only working for government agencies, or is there some kind of private work as well? Are you looking for terrorists, kiddie porn or something entirely different?

Just curious...

I work for a private company and we contract out to both the private and public sectors. There is definitely a lot of private work; not just investigations but document recovery etc. It also segues into general security work. The public sector, at least in the UK, is on the decline. Budgets are dropping and so everything is going in-house and they are getting rid of the expensive contractors.

Most of the work in my experience is fraud related, probably around 80% of it. But this can vary (with the time of year, current economic/political climate etc.). As exciting as it sometimes gets to sound (and indeed, sometimes is) 99% of digital forensics is sheer. absolute. boredom. :)

What about a Symbian E-series device with its on-the-fly encryption activated? Can you get anything off it if the phone is turned on but locked?

Honest answer; never come across one. I'm going to guess that will be a serious hurdle to overcome (assuming no one has found a workaround).