Sunday, December 29, 2013

Daily Blog #189: Sunday Funday 12/29/13

Hello Reader,
       This week I thought I would focus on something we have to deal with in the lab occasionally. I've mentioned our process in past forensic lunches but I'm interested to see what you do to solve these issues. With new mobile phones coming out constantly and Android being the most common I thought it would be worth your time to answer this Sunday's challenge.

The Prize:



The Rules:
  1. You must post your answer before Monday 12/30/13 2PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed, please email them to dcowen@g-cpartners.com
  7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post

The Challenge:
You are faced with an Android device where full physical imaging isn't supported by your mobile forensics software provider. What steps would you take to accomplish the following:
1. Locate a safe rooting mechanism
2. Test the rooting mechanism
3. Image the device
4. Manually extract the sms database
5. Parse and export to xls the sms database