EnCase 7: Smartphone Frustrations

We recently upgraded to EnCase 7, and now with smart devices becoming a hot commodity in the business, there’s a need for smartphone analysis. Now, I haven’t done much with smartphones when it comes to acquiring them (anything I have done has been infrequently on a Cellebrite) so playing around with version 7’s new smartphone functionality has been a bit challenging.
My first fight was with iOS. Understandably, I needed to install iTunes on the forensic machine so that the device would be able to talk with the Windows machine. I got that. That was fine. I first tried an iPad. Everything worked great — it acquired, I was able to pull information, and EnCase was able to put it in a report format for me. Awesome. I next played with an iPhone (which had the same iOS version, settings, apps, etc., mind you) and ran into all sorts of difficulties. I entered the passcode for the iPhone to unlock it (just as I had done with the iPad) but the contents seemed to be encrypted. I was able to read the names of the files, but the contents were all jibber-jabble. As I said before, the settings were all the same on the iPhone as they were on the iPad, and the backups weren’t encrypted, so what’s the problem? Why would the iPad read perfectly fine, but the iPhone not? Mysteries Mysteries…
Today I tried acquiring a BlackBerry. Once again, I got nowhere significant. EnCase was able to detect it, but wouldn’t acquire it. After research, I found that I also needed to install a program and/or driver for BlackBerry, since Device Manager recognized it, but I wasn’t able to access it. The driver I needed was included in a Windows Update (which I cannot perform because our forensic machines are not connected to any network) so further research continued. A few forums mentioned installing BlackBerry Desktop to help the computer talk with the BlackBerry, but I ran into issues installing that, with error after error during the install (“The installation files cannot be validated. Please verify the installer package and try again.”). Websense blocked a few websites which Google displayed as having an answer for these errors, so at the time I dropped the project. Now, I might have a solution to the digital signature problem with the BlackBerry which I will try tomorrow.
My experience with the EnCase smartphone suite was not an easy one. Maybe it’s because I’m inexperienced (I just got my first smartphone a couple weeks ago) or because EnCase’s tool isn’t all that great. I’m going to look into and play around with Oxygen Forensic Suite to look at their mobile forensic solution, in anticipation of AccessData’s Mobile Phone Examiner Plus software being installed and tested.

One thought on “EnCase 7: Smartphone Frustrations”

  1. Hello!

    My name is Zuzanna and I’m an editor at eForensic Magazine. At the moment we are preparing an issue about EnCase. I have become acquainted with your credentials and think your experience would be of great value for our magazine.

    What we offer is: free access to the online site that includes your article, the chance of self-promotion, the possibility of reaching about 50 000 specialists all over the world in the IT security field and our readers, the ability to have your name shown to the public along with your publication, and the prospects that derive from working with an experienced magazine.

    Would you be interested in writing pro bono an article concerning the matter of EnCase? The proposed term for writing is two weeks.

    For more information please visit our website: http://www.eforensicsmag.com .

    Please contact me via email: zuzanna.gregorczuk@software.com.pl .

    Looking forward to hearing from you,

    Best regards,
    Zuzanna
