Difference between revisions of "BlackBerry"

From ForensicsWiki
(Added some overview information to the Forensics section)
Line 26: Line 26:
  
 
=Forensics=
 
=Forensics=
 +
 +
RIM's push technology adds a new and different look at the forensics investigation of a PDA. Unlike traditional PDA's that need to be synchronized with a host computer with the use of a cradle or docking station, Blackberry's are synchronized wirelessly by the pushing of data onto the device. This means that the data on the device could potentially be changing at any moment. Also, a blackberry is never really off. What seems like “off” to the user is really only the display, keyboard, and radio being disabled. So when the device is powered back on to the user, items that have been waiting to be pushed to the device from the server begin immediately. This does not give the forensics examiner the time needed to shut down the device. For this reason, the first step in the acquisition of a Blackberry is to leave it off. The device should only be turned back on when it is in a place that cannot receive a signal and thus nothing can be pushed to it. 
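Review bot: The added paragraph gives "leave it off" as the first acquisition step but says nothing about a device that is seized while powered on, which is the state in which, by the paragraph's own account, pushed data can change the device at any moment. Either add a sentence covering that state or state that the guidance assumes the device is found off. The sentence "So when the device is powered back on to the user, items that have been waiting to be pushed to the device from the server begin immediately" does not say what the items begin to do; something like "items waiting on the server begin to be pushed to the device immediately" would read correctly. The product name is also inconsistent within the paragraph ("Blackberry", "Blackberry's", "blackberry") and with the page title "BlackBerry", and the plurals "PDA's" and "Blackberry's" should not carry apostrophes.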
  
  

Revision as of 14:59, 20 February 2006

Overview

The BlackBerry is a wireless handheld device that supports e-mail, mobile phone capabilities, text messaging, web browsing, and other wireless information services.


History

The BlackBerry was first introduced in 1999 by a company called Research In Motion (RIM).


Operating System

Models

  • 7100 Series
  • 7700 Series
  • 7520
  • 8700 Series

Forensics

RIM's push technology calls for a new and different approach to the forensic investigation of a PDA. Unlike traditional PDAs, which need to be synchronized with a host computer through a cradle or docking station, BlackBerry devices are synchronized wirelessly by data being pushed onto the device. This means that the data on the device could potentially be changing at any moment. Also, a BlackBerry is never really off. What seems like "off" to the user is really only the display, keyboard, and radio being disabled. So when the user powers the device back on, items that have been waiting on the server begin to be pushed to the device immediately. This does not give the forensic examiner the time needed to shut down the device. For this reason, the first step in the acquisition of a BlackBerry is to leave it off. The device should only be turned back on when it is in a place that cannot receive a signal, so that nothing can be pushed to it.


