On Mon, Feb 22, 2010 at 11:44:52PM -0500, Jamaal Speights wrote: > What are your thoughts about this. If I take the raw dump and modify the > header with data from a blackberry simulator fs.dmp file, the simulator will > actually boot the raw image inside of the simulator. From this point I can > see the messages uncompressed. Doing this for one device is fine, but if I > run into 100 devices that need forensics work, this process becomes a > problem. > > Maybe there is a way I can extract this data using the SDK? If this is > outside of the realm of this discussion group, at least this information > might be important to someone else.
I would not call this outside the realm of this discussion group. :-) Please do discuss it here if you like. If you can get the raw data, you can just feed it to one of the record classes. I can help you through the code if you need it. The first step is extracting the data. I would make a backup of a working device using the barrybackup GUI, extract the resulting tar backup file, and compare the raw data of a given record there with the raw data you can see in the simulator. The raw data you see in the backup file is the same data that's on the USB wire. If the data is in the same format, or even exactly the same, then it would be worth coding something up to help automate the forensic work. - Chris ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Barry-devel mailing list Barry-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/barry-devel
