Full Disclosure mailing list archives

Re: Phone Forensics


From: Michael Holstein <michael.holstein () csuohio edu>
Date: Tue, 06 Sep 2005 23:19:39 -0400

Is it possible to do a forensic investigation on a telephone that stores caller ID information after the delete function has been invoked? In other words, if the user has deleted the incoming caller list, is it possible to dump memory to see what's there?

Of course .. it just depends on how determined you are. If the device stores the numbers in flash memory, then it's probably possible to read out the contents of the device with a hardware reader and look at the contents (it won't be encrypted).

If the device uses volatile memory it will be much more difficult (but not technically impossible).

Along this same line, is it possible to gather any inbound caller ID information from a telco or another agency without a trace being initiated?

This is much easier. The telco stores your inbound/outbound call info for months (forever?) .. All you need is a subpoena.

Any advice you might have would be greatly appreciated.

If this is 'your' network (eg: phone connected to your company's trunks), you might be able to just ask the telco for it (many provide this info for inter-departmental billing). I'd start there.

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

