Security Code Recovery

How to recover the security / unlock code from a cell phone

We just made a video to show you how easy it is to recover the security codes from a mobile device using XRY.

Click on the link below to see a step-by-step guide to using just one of the features built into this leading mobile forensics tool.

 

The Phone Forensic Examiners Top 30

What are the most popular mobiles used by digital forensic examiners?

It’s an interesting question - assuming the average mobile phone examiner gets exposed to lots of different devices over the course of their duties, when it comes to choosing a mobile device of their own, what do they pick?

We’ve been playing with our website analytics package to see what useful information we could retrieve about our visitors. When it comes to niche markets, I think we can safely say Micro Systemation is pretty niche, given that our market is extremely well focused on just one thing – digital forensics for mobile phones.

As our customer base tends to be dominated by law enforcement, government and military types, it makes for some interesting observations as to what our visitors’ personal mobile device preferences are.

We totally accept that this is not a particularly detailed scientific study and no doubt you can very easily argue why this information is not that representative – nevertheless it’s the holiday season (in the northern hemisphere) and we thought this subject was a light-hearted and interesting enough topic to publish for your reading pleasure in your downtime.

So what are the dramatic conclusions we have come to? Well, it seems you really like the iPhone, but Google is the real winner.

Not exactly shocking news but it turns out that the iPhone is the number one smartphone to visit our website, responsible for over 22% of our mobile visitors. This is quickly followed by the iPad soaking up another 16%. So between the two devices it seems that Apple accounts for around 38% of all our mobile visitors.

However Google's Android Operating System is responsible for a larger 45% of all of our mobile device operating system traffic!

What’s more interesting, and curious perhaps, was the number 2 slot occupied by the mysterious “Not Set”. The conspiracy theories abound about the causes of “Not Set” – do you all have access to super new beta versions of unidentifiable phones? Are you all using the latest Shanzhai clone phones running Android with false IMEIs, or is it the case that you are all so surveillance conscious that you have disabled the model identification on your devices?

We welcome your contributions as to possible causes of “Not Set”, as the more tedious and realistic answer, that our analytics software is not that good, was too disappointing to consider.

Phone Forensic Examiners - Top 30
 

Rank  Mobile Device Info                Operating System
1.    Apple iPhone                      iOS
2.    (not set)                         Android
3.    Apple iPad                        iOS
4.    Samsung GT-I9000 Galaxy S         Android
5.    HTC Desire                        Android
6.    Sony Ericsson E15a Xperia X8      Android
7.    Huawei M860 Ascend                Android
8.    Samsung GT I9000T Galaxy S        Android
9.    HTC EVO 4G                        Android
10.   Kyocera M6000 Zio                 Android
11.   LG P500h                          Android
12.   Motorola Moto MB300 Backflip      Android
13.   Samsung GT-S5570 Galaxy Mini      Android
14.   Sony Ericsson X10a Xperia X10     Android
15.   Verizon Droid                     Android
16.   Apple iPod Touch                  iOS
17.   Motorola i1 Opus One              Android
18.   Samsung GT-I5500L                 Android
19.   Motorola DroidX                   Android
20.   Motorola MB525 DEFY               Android
21.   Samsung Galaxy Tab                Android
22.   Samsung GT-I9003                  Android
23.   HTC Wildfire                      Android
24.   Motorola A853 Milestone           Android
25.   RIM BlackBerry 9300 Curve 3G      BlackBerry
26.   Samsung GT i5700 Galaxy Spica     Android
27.   Samsung GT-I9100 Galaxy S II      Android
28.   Sony Ericsson E15i Xperia X8      Android
29.   Sony Ericsson LT15i Xperia Arc    Android
30.   HTC Desire HD                     Android

 

A final thought - by the middle of 2011 not one single Nokia device now appears in our Top 30!

Android Physical Support

Android Physical Support is here!

If you need to perform a physical dump of an Android – we can help.

Customers have been asking for this for a long time, so we are very pleased to offer a new first in terms of full forensic dumping and decoding of Android operating system handsets in v5.6 of XRY.

For this first release we have been able to fully test over 60 Android handsets, but of course more will follow in due course as we roll out new releases later in the year. All the indications are that this release will support the multitude of handsets out there; it is simply a matter of policy that we will not claim support for a device without having actually tested it – to ensure the highest levels of support available.

Whilst undoubtedly it won’t work with every handset with every possible version of Android - we do know it works on most with modern versions up to OS version 2.3.

So there is a very good chance it should work for you. So give it a go and let us know the results – we are always glad to know when a device works so that we can add it to our list of ‘Untested’ devices to assist examiners.

A support video demonstrating how to perform the set-up required for an Android Physical acquisition is available on our secure download site.

Mobile Phone Support

Why do we use the term 'Device Profiles' ?

What constitutes a supported device in a mobile forensic product is an area of considerable confusion for a lot of customers. We are aware that several different vendors have chosen to define their support differently and this leads to difficulty in doing objective comparisons. It gets even more confusing when you discover that different products extract different amounts of information from the same devices...

The number of phones claimed as supported is no real indicator of the actual quality of a product, so it has started to become a bit meaningless as a way of explaining support in mobile forensics.

We faced the same problem recently and that is why we have now switched terminology away from using the term “Phones Supported” to use the term “Device Profiles” to try and explain more clearly where improvements are occurring in our product range.

Why did we do this? – Well consider this example:

If in January we offer Logical extraction support for 2,000 different mobile phone handsets and then on our next release in March we do a lot of development work on physical dumping of these same handsets and include 500 of them with physical dumping extraction, then on the next release we still only support 2,000 different mobile phones?

If for the next release after that we then focus on the automatic physical decoding of these same 500 phones that we just released physical dumping support for, then after the second release in June, we still only have support for 2,000 different phones?

So after six months’ research and development work and 2 new releases - the phone support count remains exactly the same? That’s not very helpful for anyone, so we decided to change the terminology to more accurately reflect the work involved and where the improvements are being delivered to users.

Using the term "Device Profile" in the same scenario above, we can now show that we have support for 2,500 device profiles in March and 3,000 device profiles in June - where a device profile describes a different level of support for the recovery of data from a specific mobile device (albeit that it may be the same device).

To us this seems a much fairer way of measuring what a product does in mobile forensics. So that is why we now use the term “Device Profile” and not “Phones Supported” in our documentation.

It's nice to see at least one of our competitors has followed our lead recently and now also uses the same terminology; now if we can just agree exactly what a device profile includes and does not include....

Android Pass Code

Android - extract data without entering the pass code?

XRY may still work for you...

Our development team have been busy researching the Android operating system and we found an interesting feature we thought you might like to know about.

It turns out that if USB debugging mode is turned on, then XRY can extract data from the device without the need to enter the device passcode/pattern.

This also works on rooted devices and it’s even possible to root a locked device as long as USB debugging is turned on. We have tested XRY and it connects fine and downloads all the data, before you enter the code. This works for both Android v1.5 and v2.2, so it should also work for all the versions in between.

But before you get too excited - this only works if USB debugging is enabled. If that is not switched on then you still have a problem. So if you do have a live Android device, please enable USB debugging before it is switched off. That way it won’t make any difference if the code is set when it comes to examining the Android device at a later date.

In summary, this little nugget of information is going to be most effective when you have immediate access to the phone, before it locks and before the phone is switched off or the battery runs out. Also, it may not be possible in every case; if the Android phone has a screen lock (like a password screen saver) then you may not be able to get into the phone to change the USB debugging settings.

And finally please ensure that you have the full legal rights to undertake this type of examination of course!
