Information Technology Reference
In-Depth Information
BlackBerry analysis
BlackBerry devices are still used by employees of major corporations due to the great se-
curity features.
eDiscovery
cases often require the examiner to be well versed in extracting
and analyzing data from computers, servers, and smartphones such as BlackBerry devices.
Commercial tools are available for the analysis of BlackBerry devices. The method of ac-
quisition will determine the amount of analysis possible by the examiner. For example, a
physical acquisition may have been obtained, but the forensic tool does not automatically
parse the data in the image file. This requires the examiner to manually carve and recon-
struct the data. BlackBerry devices are one of the most complicated smartphones to under-
stand and consistently reconstruct by manual examination. The previous section provided
some steps to successfully extracting data from BlackBerry devices. The acquisition steps
should be followed to ensure that data is not missed. Multiple acquisitions may be required
in order to extract and recover the user data from a BlackBerry device. The methodologies
and forensic tools required to analyze data from BlackBerry backup files and forensic im-
ages differ, and they are defined in the following sections.
