firehawk_1
10th November 2009, 09:04 PM
I have a Windows Mobile 6.1 device which is a samsung omnia.
I am trying to create a raw/image of the Windows Mobile area for forensics.
I am using the itsutils package, using pdocread however, I always get the error "ITTFFSGetInfo - The device is not ready for use"
any ideas?
pdocread -l gives me this:
130.68M (0x82ad000) DSK1:
| 1.35M (0x159800) Part00
| 2.46M (0x276000) Part01
| 126.86M (0x7edc800) Part02
88.22M (0x5839000) DSK2:
| 88.22M (0x5838000) Part00
0.00 (0x0) DSK5:
| 0.00 (0x0) PART00
15.00G (0x3c0000000) DSK3:
| 15.00G (0x3bffffc00) Part00
STRG handles:
handle 46174b6a 15.00G (0x3bffffc00)
handle 0699b026
handle e6cd9532 88.22M (0x5838000)
handle 06e0b79a126.86M (0x7edc800)
handle 26e0b776 2.46M (0x276000)
handle e6e0b72e 1.35M (0x159800)
disk 46174b6a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 0699b026
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e6cd9532
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 06e0b79a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 26e0b776
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e6e0b72e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
im needing to get DSK2 Part00.
pdocread -w -d DSK2 -b 0 -p Part00 0x5838000 C:SamsungOmnia-DSK2a.raw
Any ideas on how I can successfully take the entire dump?
I am trying to create a raw/image of the Windows Mobile area for forensics.
I am using the itsutils package, using pdocread however, I always get the error "ITTFFSGetInfo - The device is not ready for use"
any ideas?
pdocread -l gives me this:
130.68M (0x82ad000) DSK1:
| 1.35M (0x159800) Part00
| 2.46M (0x276000) Part01
| 126.86M (0x7edc800) Part02
88.22M (0x5839000) DSK2:
| 88.22M (0x5838000) Part00
0.00 (0x0) DSK5:
| 0.00 (0x0) PART00
15.00G (0x3c0000000) DSK3:
| 15.00G (0x3bffffc00) Part00
STRG handles:
handle 46174b6a 15.00G (0x3bffffc00)
handle 0699b026
handle e6cd9532 88.22M (0x5838000)
handle 06e0b79a126.86M (0x7edc800)
handle 26e0b776 2.46M (0x276000)
handle e6e0b72e 1.35M (0x159800)
disk 46174b6a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 0699b026
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e6cd9532
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 06e0b79a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 26e0b776
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e6e0b72e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
im needing to get DSK2 Part00.
pdocread -w -d DSK2 -b 0 -p Part00 0x5838000 C:SamsungOmnia-DSK2a.raw
Any ideas on how I can successfully take the entire dump?