Difference between pages "Cell phones" and "Fast Thunder"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Tools)
 
(Example queries)
 
Line 1: Line 1:
'''Cell phones''' or '''mobile phones''' are an important target for [[forensic investigator]]s.
+
'''Fast Thunder''' (aka Xunlei) is a [[Download manager|download manager]] developed by Thunder Networking Technologies.
  
== Technologies ==
 
 
* [[CDMA]]
 
* [[TDMA]]
 
* [[GSM]]
 
* [[iDEN]]
 
* [[EDGE]]
 
* [[GPRS]]
 
* [[UMTS]]
 
  
== Hardware ==
+
== SuperDownload database ==
 +
The '''SuperDownload database''' can be found at:
  
* [[RIM BlackBerry]]
+
On Windows
* [[T-Mobile Sidekick  ]]
+
<pre>
* [[SIM Cards]]
+
C:\Program Files\Thunder Network\Thunder\data\SdInfoDb.dat
 +
</pre>
  
== Operating Systems ==
+
This file uses the [[SQLite database format]].
  
* [[Microsoft PocketPC]]
+
The timestamp:
* [[Microsoft Windows Mobile]]
+
* SuperDownloadInfo.ContentDownloadTime is stored as BIGINT and contains a POSIX timestamp
* [[Palm]]
+
* SuperDownloadResource.DownloadTime is stored as BIGINT and contains '''presumably''' a POSIX timestamp
* [[RIM BlackBerry]]
+
* [[Symbian]]
+
* [[Linux]]
+
  
== Forensics ==  
+
== Task database ==
 +
The '''Task database''' can be found at:
  
'''Procedures'''
+
On Windows
 +
<pre>
 +
C:\Program Files\Thunder Network\Thunder\Profiles\TaskDb.dat
 +
</pre>
  
* [[Cell Phone Forensics]]
+
The timestamp:
* [[SIM Card Forensics]]
+
* TaskBase.CreationTime is stored as BIGINT and contains a POSIX timestamp shifted 24-bits to the left, e.g.
* [[External Memory Card Forensics]]
+
<pre>
 +
printf "0x%x\n" 22090158425767936
 +
0x4e7ae1ce000000
  
== Tools ==
+
date -d @$(( 22029112998625280 >> 24 ))
 +
Thu Aug 11 06:37:35 CEST 2011
 +
</pre>
  
'''Flashers'''
+
=== Example queries ===
* [[UFS Tornado]]
+
Some example queries:
  
'''Hardware'''
+
To get an overview of the tasks:
* [[ Azimuth RadioProof™ Enclosures]]
+
<pre>
* [[Radio Frequency (RF) Jammers]]
+
SELECT datetime((TaskBase.CreationTime >> 24), "unixepoch"), TotalReceiveSize, TotalSendSize, Url, ReferenceUrl, Name, Description, SavePath FROM TaskBase;
* [[Network Security Solutions Secure Tents]]
+
</pre>
* [[Network Security Solutions Seizure Bags for Cell Phones/PDAs/Laptops]]
+
* [[Paraben Device Seizure Toolbox]]
+
* [[Paraben Handheld First Responder Kit]]
+
* [[Paraben StrongHold Bag]]
+
  
'''Software'''
+
== See Also ==
* [[BitPIM]]
+
 
* [[Cell Phone Analyzer]]
+
* [[SQLite database format]]
* [[DataPilot Secure View]]
+
 
* [[FloAt's Mobile Agent]]
+
== External Links ==
* [[ForensicMobile]]
+
* [http://en.wikipedia.org/wiki/Xunlei Wikipedia article on Fast Thunder (Xunlei)]
* [[ForensicSIM]]
+
 
* [[Guidance Software Neutrino]]
+
[[Category:Applications]]
* [[iDEN Companion Pro]]
+
[[Category:Download Managers]]
* [[iDEN Media Downloader]]
+
* [[iDEN Phonebook Manager]]
+
* [[LogiCube CellDEK]]
+
* [[MicroSystemation .XRY]]
+
* [[MOBILedit!]]
+
* [[Oxygen PM II]]
+
* [[Paraben Device Seizure]]
+
* [[Paraben SIM Seizure]]
+
* [[Pandora's Box]]
+
* [[Quantaq USIMdetective]]
+
* [[Quantaq USIMcommander]]
+
* [[Quantaq USIMdetective]]
+
* [[Quantaq USIMexplorer]]
+
* [[Quantaq USIMprofiler]]
+
* [[Quantaq USIMregistrar]]
+
* [[TULP2G]]
+

Revision as of 07:50, 21 March 2012

Fast Thunder (aka Xunlei) is a download manager developed by Thunder Networking Technologies.


SuperDownload database

The SuperDownload database can be found at:

On Windows

C:\Program Files\Thunder Network\Thunder\data\SdInfoDb.dat

This file uses the SQLite database format.

The timestamp:

  • SuperDownloadInfo.ContentDownloadTime is stored as BIGINT and contains a POSIX timestamp
  • SuperDownloadResource.DownloadTime is stored as BIGINT and contains presumably a POSIX timestamp

Task database

The Task database can be found at:

On Windows

C:\Program Files\Thunder Network\Thunder\Profiles\TaskDb.dat

The timestamp:

  • TaskBase.CreationTime is stored as BIGINT and contains a POSIX timestamp shifted 24-bits to the left, e.g.
printf "0x%x\n" 22090158425767936
0x4e7ae1ce000000

date -d @$(( 22029112998625280 >> 24 ))
Thu Aug 11 06:37:35 CEST 2011

Example queries

Some example queries:

To get an overview of the tasks:

SELECT datetime((TaskBase.CreationTime >> 24), "unixepoch"), TotalReceiveSize, TotalSendSize, Url, ReferenceUrl, Name, Description, SavePath FROM TaskBase;

See Also

External Links