02-16-2010 08:03 AM
I'm a forensic analyst looking for specific direction on using the SDK to access Flash memory and acquire a bit-for-bit image of it. I've found a number of postings on various forums that it can be done with SDK utilities, but have not seen anyone describe exactly how. No help in that I am not Java-educated.
The closest I'm coming to a possibility is to use javaloader. I know there are a few (expensive) tools that I could buy from UK but for reasons of both economy and insight I'd prefer a software solution.
Yes, I've searched extensively on the BB forums and it's possible I've overlooked something. Device is 8830 World Edition, provider is Verizon. I've gotten an ipd and converted using ABC successfully; and I've "cloned" the SIM (yes, in a CDMA phone) and imaged it. Assistance will be truly appreciated.
Jeff Baker, CCE
02-16-2010 09:48 AM
I don't think you need an SDK to do this. If you have tools to read an image on your computer, you can plug the BlackBerry into a computer and access it as a flash drive; thus you don't alter any data that might be there.
02-16-2010 10:28 AM
What is the state of the device at this time?
02-16-2010 11:01 AM
It's powered on and accessible; has the original SIM back in it. Risky, I know, but there was no alternative at this time. As to the previous reply received, I'm unsure how I would get a connect to the Flash specifically, although I've taken a look for that. And I use some robust forensic tools. Thanks so far...
02-22-2010 03:47 PM
I'm having the same issue w/ a Verizon 8330. The typical phone imaging tools will only allow you to image the SD card or access what's currently allocated, not all of the built-in flash memory. We have a user whose BB got reset (not wiped) and so the address book is blank, but we'd like to see if there are remnants of it somewhere in the built-in memory to carve out. Is this even feasible?
02-22-2010 04:05 PM
I would think there is a way but don't know. It might be best to send a message to RIM because they might have tools for this.
02-22-2010 04:11 PM
If we're talking about what gets exposed as mass storage memory, then on a 'nix machine, one could simply use dd off the device.
If we're talking about something more sophisticated like what is used as application memory and is normally internal to the phone, then that is naturally more difficult and I have no suggestions for that.
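The dd approach mentioned in the post above, as an added example that is not part of the original thread: it covers only what the handheld exposes as mass storage, not the internal application memory. The function name `acquire_image` and the sidecar file names are assumptions for illustration; the source path is whatever device node the workstation assigns.

```shell
#!/bin/sh
# Added example: acquire_image SRC DEST
# SRC is whatever the handheld exposes as mass storage, e.g. a block device
# node (the node name is machine-specific and not given in the thread).
acquire_image() {
    src=$1
    dest=$2
    if [ ! -r "$src" ]; then
        echo "cannot read source: $src" >&2
        return 2
    fi
    if [ -e "$dest" ]; then
        echo "refusing to overwrite existing image: $dest" >&2
        return 2
    fi

    # Hash the source first so there is a reference value taken before the copy.
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1) || return 1

    # bs=512 matches the sector size; noerror keeps reading past bad sectors
    # and sync pads them with zeros so later offsets stay aligned.
    dd if="$src" of="$dest" bs=512 conv=noerror,sync 2> "$dest.dd.log" || return 1

    img_hash=$(sha256sum < "$dest" | cut -d' ' -f1) || return 1

    # Record both values beside the image for the case notes.
    printf 'source %s\nimage  %s\n' "$src_hash" "$img_hash" > "$dest.sha256"
    chmod 444 "$dest" "$dest.sha256"

    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: image does not match source" >&2
        return 1
    fi
    echo "$img_hash"
}
```

On success the function prints the SHA-256 of the image; a mismatch usually means sectors were unreadable and were zero-padded, and the dd log beside the image shows where.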
02-22-2010 05:11 PM
They have the mass storage, that's easy and can be done on almost any OS. They are looking for access to internal memory (like for where the contacts are stored).
02-22-2010 08:51 PM
I suspect what this person would actually like to do is take a memory dump that can be restored to the device (or perhaps any device) and will recreate the device as it was.
I am not aware of any way to even come close to that. RIM are the only people likely to be able to do this. As is typical of a Java environment, APIs are sandboxed from a lot of the detailed OS stuff like this.
03-01-2010 06:59 PM
Does anyone know who to contact at RIM to figure this out? The forensics community would greatly benefit from being able to easily dump the internal memory of a BB, and it doesn't matter if it's as one big chunk.