Data information missing from Data Dump

May 16, 2016
Recently I was reviewing a case that (as usual) hinged heavily on ESI. We were given the data dump of a Samsung Galaxy phone. We also received the phone records of the suspect. The problem is that upon review we noticed that deleted text messages were missing from the data dump. For example we would have deleted text messages from 1/08/15, 1/09/15 and 1/10/15. On the 8th we have most of the text messages. A few are missing or incomplete. On the 9th we have all the messages. On the 10th we are missing all of the text messages. I am at a loss for why this might be. We have dumped all the data on the phone, yet information such as the aforementioned texts are missing. We know text messages were sent or received based off of the suspects phone records. I am afraid the text messages may have been overwritten.

Is there a way we can retrieve those messages or have they been overwritten? What are the chances the text messages were overwritten? What does everyone think?
Aug 7, 2006
First, what kind of extraction was performed (logical, file system, physical)? Secondly, what is the indicated source file, if any, of the text messages which are shown in the extraction?

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu