Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: karlfernandes
New Today: 1
New Yesterday: 0
Overall: 29414

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 Hostile work enviornment
 Can anyone suggest me a topic under printers forensics
 Unallocated clustered as court evidence
 Encryption
 I know how to recover ost file 2016

Computer Forensics World Forums


Pages Served
We received
52973133
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Data information missing from Data Dump
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Data information missing from Data Dump

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Technical Issues
View previous topic :: View next topic  
Author Message
JayGarrick
Newbie
Newbie


Joined: May 17, 2016
Posts: 2

PostPosted: Wed May 18, 2016 9:16 am    Post subject: Data information missing from Data Dump Reply with quote

Recently I was reviewing a case that (as usual) hinged heavily on ESI. We were given the data dump of a Samsung Galaxy phone. We also received the phone records of the suspect. The problem is that upon review we noticed that deleted text messages were missing from the data dump. For example we would have deleted text messages from 1/08/15, 1/09/15 and 1/10/15. On the 8th we have most of the text messages. A few are missing or incomplete. On the 9th we have all the messages. On the 10th we are missing all of the text messages. I am at a loss for why this might be. We have dumped all the data on the phone, yet information such as the aforementioned texts are missing. We know text messages were sent or received based off of the suspects phone records. I am afraid the text messages may have been overwritten.

Is there a way we can retrieve those messages or have they been overwritten? What are the chances the text messages were overwritten? What does everyone think?
Back to top
View user's profile
Cyber_Da_Inv
Newbie
Newbie


Joined: Aug 08, 2006
Posts: 61
Location: Costa Mesa, California

PostPosted: Wed May 18, 2016 9:26 am    Post subject: Reply with quote

First, what kind of extraction was performed (logical, file system, physical)? Secondly, what is the indicated source file, if any, of the text messages which are shown in the extraction?
_________________
Mark Eskridge
dfinvestigations(dot)com
Back to top
View user's profile Visit poster's website
JayGarrick
Newbie
Newbie


Joined: May 17, 2016
Posts: 2

PostPosted: Fri May 20, 2016 9:24 pm    Post subject: Reply with quote

Sorry for my delay in replying. It was a physical dump. There was no source file indicated on the extraction report.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Technical Issues All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.