| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <431E5C4B.60209@csuohio.edu> Date: Wed Sep 7 04:20:42 2005 From: michael.holstein at csuohio.edu (Michael Holstein) Subject: Phone Forensics > Is it possible to do a forensic investigation on a telephone that stores > caller ID information after the delete function has been invoked? In otherwords, > if the user has deleted the incoming caller list is it possible to dump memory > to see whats there? Of course .. it just depends on how determined you are. If the device stores the numbers in flash memory, then it's probably possible to read out the contents of the device with hardware reader and look at the contents (it won't be encrypted). If the device uses volatile memory it will be much more difficult (but not technically impossible). > Along this same line is it possible to gather any inbound caller ID > information from a telco or another agency without a trace being initiated? This is much easier. The telco stores your inbound/outbound call info for months (forever?) .. All you need is a subpoena. > Any advice you might have would be greatly appreciated. If this is 'your' network (eg: phone connected to your company's trunks), you might be able to just ask the telco for it (many provide this info for inter-departmental billing). I'd start there. Cheers, Michael Holstein CISSP GCIA Cleveland State University
Powered by blists - more mailing lists