I cannot find any potential tool or technique to do Windows Phone 8.1 forensics after a lot of searching.

I tried to make an image (.dd) of the Windows Phone 8.1 with Linux commands, but it fails because the Windows Phone 8.1 is attached as a media drive, not as a storage or simple drive like a hard disk or thumb drive.

And it is the rule of digital forensics that if you want to do forensics on digital evidence, then first of all you have to make an image of the digital device(s), then start working on it.

And I also gathered some information about Windows Phone 8.1, as follows:

  1. Windows Phone 8 uses BitLocker Technology to support the encryption of all internal data storage on the phone with AES 128. Encryption is enabled by either Exchange ActiveSync policy Require Device Encryption or device management policy.
  2. It uses the FAT file system.
  3. Cannot root.

Is there any possible way to take a physical or logical dump of Windows Phone 8.1?

1 Answer

No expert, but I do know that WP8 does indeed use BitLocker and also uses hardware encryption where possible.

So I doubt that you can obtain a usable dump from a standard phone.

Having been involved with a hardware problem on the Nokia phones recently, all I can say is that the engineers use special debug versions of the OS to do hardware level logging and debugging.

I think that you need to contact Microsoft to find out more. I would see if you can track down a tech blog from Microsoft that covers the phone and see if you can reach out to them. They are a lot more responsive generally than they used to be. If you have enterprise support, you could also raise a query via your TAM.

Julian Knight