Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
New Contributor
jefferyabaker
Posts: 2
Registered: ‎02-16-2010
My Device: 8830 World Edition
My Carrier: Verizon

SDK to capture forensic image

Hello.

I'm a forensic analyst looking for specific direction on using the SDK to access Flash memory and acquire a bit-for-bit image of it. I've found a number of postings on various forums that it can be done with SDK utilities; but have not seen anyone describe exactly how. No help in that I am not java-educated.

The closest I'm coming to a possibility is to use javaloader. I know there are a few (expensive) tools that I could buy from UK but for reasons of both economy and insight I'd prefer a software solution.

Yes, I've searched extensively on the BB forums and it's possible I've overlooked something.  Device is 8830 World Edition, provider is Verizon. I've gotten an ipd and converted using ABC successfully; and I've "cloned" the SIM (yes, in a CDMA phone) and imaged it.  Assistance will be truly appreciated.

 

Jeff Baker, CCE

Please use plain text.
Developer
rcmaniac25
Posts: 1,804
Registered: ‎04-28-2009
My Device: Z10 (STL100-4)-10.2.1.3253, Z10 (STL100-3)-10.3.1.634 Dev OS, Z30 (STA100-5)-10.3.1.634 Dev OS, Passport (SQW100-1)-10.3.0.1154, PlayBook (16GB)-2.1.0.1917
My Carrier: Verizon

Re: SDK to capture forensic image

I don't think you need a SDK to do this. If you have tools to read a image on your computer you can plug the BlackBerry into a computer and access it as a flash drive thus you don't alter any data that might be there.

---Spends time in #blackberrydev on freenode (IRC)----
Three simple rules:
1. Please use the search bar before making new posts.
2. "Like" posts that you find helpful.
3. If a solution has been found for your post, mark it as solved.
--I code too much. Well, too bad.
Please use plain text.
JSanders
Posts: 85,166
Likes: 23,028
Solutions: 5,925
Registered: ‎04-01-2008
My Device: Passport • Z30 • Z10 • Torch9850 • Playbook
My Carrier: Verizon

Re: SDK to capture forensic image

What is the state of the device at this time?




1. If any post helps you please click the Like Button below the post(s) that helped you.
2. Please resolve your thread by marking the post "Solution?" which solved it for you!
3. Install free BlackBerry Protect today for backups of contacts and data.
4. Guide to Unlocking your BlackBerry & Unlock Codes


Join our BBM Channels (Beta)
BlackBerry Support Forums Channel
PIN: C0001B7B4   Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA   Display/Scan Bar Code
Please use plain text.
New Contributor
jefferyabaker
Posts: 2
Registered: ‎02-16-2010
My Device: 8830 World Edition
My Carrier: Verizon

Re: SDK to capture forensic image

Current state:

It's powered on and accessible; has the original SIM back in it. Risky, I know, but there was no alternative at this time. As to the previous reply received, I'm unsure how I would get a connect to the Flash specifically, although I've taken a look for that. And I use some robust forensic tools. Thanks so far...

Please use plain text.
New Contributor
dagardc
Posts: 2
Registered: ‎02-22-2010
My Device: 8900
My Carrier: Tmobile

Re: SDK to capture forensic image

I'm having the same issue w/ a Verizon 8330.  The typical phone imaging tools will only allow you to image the SD card or access what's currently allocated, not all of the built-in flash memory.  We have a user whose BB got reset (not wiped) and so the address book is blank, but we'd like to see if there are remnants of it somewhere in the built-in memory to carve out .  Is this even feasible? 

Please use plain text.
Developer
rcmaniac25
Posts: 1,804
Registered: ‎04-28-2009
My Device: Z10 (STL100-4)-10.2.1.3253, Z10 (STL100-3)-10.3.1.634 Dev OS, Z30 (STA100-5)-10.3.1.634 Dev OS, Passport (SQW100-1)-10.3.0.1154, PlayBook (16GB)-2.1.0.1917
My Carrier: Verizon

Re: SDK to capture forensic image

I would think there is a way but don't know. It might be best to send a message to RIM because they might have tools for this.

---Spends time in #blackberrydev on freenode (IRC)----
Three simple rules:
1. Please use the search bar before making new posts.
2. "Like" posts that you find helpful.
3. If a solution has been found for your post, mark it as solved.
--I code too much. Well, too bad.
Please use plain text.
Developer
ydaraishy
Posts: 562
Registered: ‎09-30-2009
My Device: Not Specified

Re: SDK to capture forensic image

If we're talking about what gets exposed as mass storage memory, then on a 'nix machine, one could simply use dd off the device.

 

If we're talking about something more sophisticated like what is used as application memory and is normally internal to the phone, then that is naturally more difficult and I have no suggestions for that.

Please use plain text.
Developer
rcmaniac25
Posts: 1,804
Registered: ‎04-28-2009
My Device: Z10 (STL100-4)-10.2.1.3253, Z10 (STL100-3)-10.3.1.634 Dev OS, Z30 (STA100-5)-10.3.1.634 Dev OS, Passport (SQW100-1)-10.3.0.1154, PlayBook (16GB)-2.1.0.1917
My Carrier: Verizon

Re: SDK to capture forensic image

They have the mass storage, that's easy and can be done on almost an OS. They are looking for access to internal memory (like for where the contacts are stored).

---Spends time in #blackberrydev on freenode (IRC)----
Three simple rules:
1. Please use the search bar before making new posts.
2. "Like" posts that you find helpful.
3. If a solution has been found for your post, mark it as solved.
--I code too much. Well, too bad.
Please use plain text.
Developer
peter_strange
Posts: 19,603
Registered: ‎07-14-2008
My Device: Not Specified

Re: SDK to capture forensic image

I suspect what this person would actually like to do is take a memory dump that can be restored to the device(or perhaps any device0 and will recreate the device as it was.

 

I am not aware of any way to even come close to that.  RIM are the only people likely to be able to do this.  As is typical of a Java environment, APIs are sandboxed from a lot of the detailed OS stuff like this. 

Please use plain text.
New Contributor
dagardc
Posts: 2
Registered: ‎02-22-2010
My Device: 8900
My Carrier: Tmobile

Re: SDK to capture forensic image

Does anyone know who to contact at RIM to figure this out?  The forensics community would greatly benefit from being able to easily dump the internal memory of a BB, and it doesn't matter if it's as one big chunk.

Please use plain text.