Extracting Android call history with MobilEdit

MobilEdit Forensics Edition is a forensic investigation tool for mobile devices that allows recovery of SMS messages, call logs, calendar data and more from a comprehensive range of mobile phones.

Pricing for the Forensics Edition is USD600 for unlimited phones and unlimited updates. A trial version is available with the Reporting Module disabled. It appears to be available only to law enforcement.

With MobilEdit the approach to analysing an Android phone is very similar to the ViaForensics method described in an earlier blog post. A small .apk file is provided which installs an application called “Backup ME” on the Android phone. Running the application extracts phone data into a .mea file on the phone's internal SD card, which MobilEdit then uses to create a forensics report. Let’s step through the process. Again we’re interacting directly with the phone as we did before.

On the phone itself, open your browser of choice, navigate to http://download.mobiledit.com/MeReports.apk and click “Save” to begin the download.

Once the .apk file has downloaded click ‘Open’ to install it. Confirm the install by tapping the Install button.

Locate the “Backup ME” application in the Android Applications folder. Tap on the application icon to run it.

In the resulting screen click “Backup Now”.

A progress indicator shows the progress of the backup. The application creates a file in the root of the SD card on the phone with the naming convention mereport_YYMMDD.mea.

When the backup finishes, the application confirms that it was successful and shows the time taken to run.

You now need to connect the Android phone under investigation to your forensics workstation. The internal SD card where the .mea file is stored is automatically dismounted when you connect the phone via USB cable, so pull down the Notifications tray and mount the SD card. On a Windows machine, launch the MobilEdit application. When you first launch the application the wizard should appear automatically. Alternatively, you can run the Connection Wizard from the File menu. As mentioned above, the Reporting Module is disabled unless you’ve purchased and activated the full product.

The Connection wizard then launches. Click “Connect a Phone” to continue.

In the resulting screen click on “Cell Phone (Mobile Phone)” and click Next>.

Then choose the “File (Android Phones)” option.

The next screen reminds you to install and run the “Backup ME” Android application that we ran earlier. Click Next> on this screen.

You will then be prompted to browse to the .mea file created earlier on the phone.

Once you choose the .mea file the application generates the Forensics report. I don’t have the full version of MobilEdit so I’m not able to show the resulting report.
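Before browsing to the .mea file in MobilEdit, it is worth copying it off the mounted SD card and recording its hash, so the report is generated from a verified working copy. The following Python sketch is an added example, not part of the original post or of MobilEdit; it relies only on the mereport_YYMMDD.mea naming convention mentioned above, and the function names and the evidence folder are assumptions.

```python
import hashlib
import re
import shutil
from datetime import datetime
from pathlib import Path

# Naming convention stated in the post: mereport_YYMMDD.mea
MEA_NAME = re.compile(r"^mereport_(\d{6})\.mea$", re.IGNORECASE)


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_mea_reports(sdcard_root):
    """Return (path, backup_date) for each report in the SD card root."""
    found = []
    for entry in sorted(Path(sdcard_root).iterdir()):
        match = MEA_NAME.match(entry.name)
        if not (match and entry.is_file()):
            continue
        try:
            backup_date = datetime.strptime(match.group(1), "%y%m%d").date()
        except ValueError:
            continue  # six digits that are not a valid YYMMDD date
        found.append((entry, backup_date))
    return found


def acquire(sdcard_root, evidence_dir):
    """Copy each report to evidence_dir and verify the copy by SHA-256."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    records = []
    for source, backup_date in find_mea_reports(sdcard_root):
        source_hash = sha256_file(source)
        working_copy = evidence_dir / source.name
        shutil.copy2(source, working_copy)  # copy2 keeps the timestamps
        if sha256_file(working_copy) != source_hash:
            raise IOError(f"hash mismatch after copying {source.name}")
        records.append({"file": source.name, "backup_date": backup_date.isoformat(),
                        "sha256": source_hash, "working_copy": str(working_copy)})
    return records
```

Call `acquire()` with the path where the phone's SD card is mounted and a case evidence folder, then point the MobilEdit wizard at the working copy and keep the returned hashes with the case notes.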

  1. January 24, 2011 at 3:24 pm