Saturday, May 26, 2012
Trace Log Generator
I am looking into creating a new handset tool that generates a trace log of commands sent to the handset and responses received.
Quite a few times I have raised this, and largely there is a stone-wall silence about why examiners 'cannot' or 'will not' provide the actual trace log associated with their examination so that it can be checked. That is an unhealthy taboo to have operating in forensics (and in evidence) and it needs to be side-stepped.
The idea of a trace log that produces units of information which can be exported for consideration is similar to the logs generated by some imaging tools, which allow as complete an examination as possible.
I believe this tool should not compete with current tools on the functions they perform. The trace log itself should be inexpensive: the generated file is simply a trace log, secured in such a manner that the original cannot be altered by accident, and so that a later examination of it avoids accidental contamination of the original. The managed extraction principle, however, is to start at the binary and work upwards so that the data can be viewed through independent products.
Additionally, I expect the trace log generator to perform tracing on a make-by-make basis, which means there should be a trace log generator module for each make. This will allow examiners to buy only what they need, as opposed to having the reading capability for X makes/models that they have an extremely low probability of ever coming into contact with.
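As an added illustration (not the author's tool, and not code from any existing product) of what such a secured, per-make trace log could look like: each command sent to the handset and the response received is appended as a record whose hash chains to the previous record, so an exported log can be independently re-verified and any accidental alteration is pinpointed. The record fields, the JSON-lines export format and the SHA-256 chaining are assumptions of this example.

```python
# Added example: an append-only, hash-chained trace log of handset commands and
# responses, so that an exported copy can be checked for accidental alteration
# by anyone, with any tool. Field names and format are assumed, not a standard.
import hashlib
import json
import time
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # chain anchor for the first record


def _record_hash(prev_hash: str, record: dict) -> str:
    """Hash the previous record's hash together with the canonical JSON of this record."""
    payload = prev_hash + json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class TraceLog:
    """Records each command sent to the handset and the raw response received."""

    def __init__(self, make: str):
        self.make = make            # one generator module per make, as the post proposes
        self.entries: List[dict] = []  # each entry: {"record": ..., "hash": ...}

    def record(self, command: bytes, response: bytes, ts: Optional[float] = None) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        rec = {
            "seq": len(self.entries),
            "ts": ts if ts is not None else time.time(),
            "make": self.make,
            "cmd_hex": command.hex(),   # raw bytes kept, so independent tools can re-parse them
            "rsp_hex": response.hex(),
        }
        h = _record_hash(prev, rec)
        self.entries.append({"record": rec, "hash": h})
        return h

    def export(self) -> str:
        """One JSON object per line; the final line's hash is the whole log's fingerprint."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.entries)


def verify(exported: str) -> Tuple[bool, int]:
    """Re-walk the chain of an exported log; return (ok, index of first bad record or -1)."""
    prev = GENESIS
    for i, line in enumerate(exported.splitlines()):
        entry = json.loads(line)
        if entry["record"]["seq"] != i or entry["hash"] != _record_hash(prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    return True, -1
```

Because every hash covers the previous one, changing, dropping or reordering any record breaks verification from that record onwards, while the raw hex bytes let a second tool re-interpret the responses without trusting the first tool's parsing.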
There is a list of benefits, but I suspect two key objectives will benefit the mobile forensics industry:
1) Those whose job requirement limits them to push-button selection for reading an exhibit can produce the trace log first and then use another tool.
2) Those who are experienced can use the trace log without needing to hector the less experienced to qualify what they have done during the acquisition examination period.
Additionally, I also envisage some form of (self)employment to arise out of this where programmers can create modules within the framework of the trace log generator and share in the revenue generation stream and at the same time see their contribution in a product generated by and for the forensic community.
I'd like to know what you think.