LinuxQuestions.org


cadogan222 03-15-2010 05:02 AM

linux and forensics newb
 
iam want too learn how too do different forensics things in linux.my phone is a samsung code,with windows mobile 6.do you know if ubuntu or backtrack can mount the phone,without the microsd card in it?i want too make a dd copy of the systems memory where the pictures and videos are stored.thanks

jamescondron 03-15-2010 05:11 AM

Try it, see what happens

cadogan222 03-15-2010 05:15 AM

iam getting my usb cable tomorrow,so i can try it out.iam not totally sure on all the commands i would need too mount the phone,the correct command too make the sector by sector disk image and how i would know that the phone was properly mounted and under what name.

jamescondron 03-15-2010 05:21 AM

Okay, so basically you want to know how to mount your phone and how to use the dd command?

Try the man command. Man brings up the 'manual' pages for each command, or at least the commands that are documented.
Code:

man mount
man dd

Should be helpful, if not search the forums; there is a huge, and hugely brilliant, dd thread somewhere, and I'd be shocked if there weren't a mount tutorial.

Simon Bridge 03-15-2010 05:38 AM

Quote:

I want to learn how to do different forensics things in linux. My phone is a Samsung Code with windows mobile 6. Do you know if Ubuntu or Backtrack can mount the phone without the microsd card in it? I want to make a dd copy of the system's memory where the pictures and videos are stored. Thanks.
I have edited your question to make it easier to read. Let me know if I got it wrong.

What you want to do is called "sim-card data recovery" - that is where the user storage is normally located. There are a number of different ways to do this.

Is this your phone?
Samsung SCH i220 Code
... Samsung gsm phones will usually connect to any recent distro via bluetooth or usb. The gnome-bluetooth tool should share files. But the phone has to be set up to act as a mass storage device.

To get better replies:

If you really want to learn how to do powerful things with gnu/linux, you need to pay more attention to how you write. I'm guessing English is your second language? That makes it harder and easier - native English speakers do not always notice when they are writing sloppily. Non-native speakers have usually had some formal schooling in grammar - and school-English is very good for technical discussions.

The first letter of each sentence is upper case.
The personal pronoun (I) is always upper case.
There is always at least one space after a sentence.
There is always one space after a comma.
"I am" is two words.
"too" means the same thing as "as well" - the word you are looking for is "to".
Proper names are capitalised - notice that "Samsung code" is different from "Samsung Code".

Remember this and it is easier for others to read your posts - remember, there are lots of people here with limited English who also have the information you need. Help them to help you.

If you are uncertain of your English, you can repeat your question in your own language.

Please edit your profile to include your location and gnu/linux distribution. This also helps us understand your needs better.

cadogan222 03-15-2010 05:57 AM

sorry about my bad english,spanish is my main language.my phone is a cdma (Samsung SCH i220 Code)so there is no sim card.since there is no sim card is it still possible too make an image of the phone?ill try those commands and see what happens.

Simon Bridge 03-15-2010 08:23 PM

Quote:

since there is no sim card is it still possible too make an image of the phone?
If your phone has internal memory not part of the sim card.
If you can set it up to act as a mass-storage device.
Then you can access the memory.

If that is all that is wrong (the phone will work without a sim card) then you won't even need to image the memory - just copy the files across.

Plug the phone in (usb) and see what happens.
lsusb and dmesg | tail will tell you if anything registers and what as.

Quote:

sorry about my bad english
No you are not: if you were you would have corrected it. You don't have to, it just gets you better responses.

Computer forensics is difficult - more difficult than remembering to use the shift key or put spaces after punctuation. Is that how you write in Spanish? If you cannot do even that small thing, then why should anyone believe you will follow harder instructions?

Good luck.

cadogan222 03-30-2010 06:45 PM

Update!
 
so i finally figured out how too mount it under ubuntu by using "WM5torage". it mounts as "/dev/sdb" now i just need the proper DD command too create an image of the phone and transfer it too my vmware hard drive."/dev/sda"i need a bit by bit transfer.i also noticed when i open disk utility in ubuntu the drives come up as sda and sda1.which one would be the right one to transfer too?thanks

w1k0 03-30-2010 07:17 PM

Quote:

Originally Posted by cadogan222 (Post 3918495)
it mounts as "/dev/sdb" now i just need the proper DD command too create an image of the phone and transfer it too my vmware hard drive."/dev/sda"i need a bit by bit transfer.

I’m almost sure you don’t want to copy /dev/sdb device contents to /dev/sda device. So don’t try to do it unless you’re certain what that command does and this is exactly what you want to achieve.

To copy the contents of input device to output device you’d use a command such as:

Code:

dd if=/dev/sdb of=/dev/sda
That last command is insecure – see my remark below.

Quote:

i also noticed when i open disk utility in ubuntu the drives come up as sda and sda1.which one would be the right one to transfer too?
It depends on what you’d like to destroy: boot sector of the hard disk or first sector of the selected partition. In my opinion you want to copy the contents of external device to some file on your hard disk but you’re unaware of that.

In such a case the valid command should be similar to:

Code:

dd if=/dev/sdb of=~/dev.sdb.img
That last command is secure.
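
An added example, not part of the original thread or any poster's code: a small shell wrapper around the file-output dd command above that refuses a device node or an existing file as the destination and verifies the image with SHA-256. The function name `image_device`, its return codes and the constructed stand-in file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guarded imaging wrapper (hypothetical helper, not from the thread).
# image_device SRC DST: copy SRC (e.g. /dev/sdb) into regular file DST and verify it.
# Returns 0 ok, 2 bad arguments, 3 unsafe destination, 4 dd failed, 5 hash mismatch.
image_device() {
    src=$1
    dst=$2
    [ -n "$src" ] && [ -n "$dst" ] || return 2
    [ -r "$src" ] || return 2

    # Refuse device nodes as output: of=/dev/sda would overwrite that disk.
    if [ -b "$dst" ] || [ -c "$dst" ]; then
        echo "refusing: $dst is a device node" >&2
        return 3
    fi
    # Refuse to overwrite an existing file, such as an earlier image.
    if [ -e "$dst" ]; then
        echo "refusing: $dst already exists" >&2
        return 3
    fi

    dd if="$src" of="$dst" bs=1M 2>/dev/null || return 4

    # Hash source and image; the image is only trusted if both match.
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum < "$dst" | cut -d' ' -f1)
    [ "$src_hash" = "$img_hash" ] || return 5

    # Record the hash beside the image and make the image read-only.
    printf '%s  %s\n' "$img_hash" "$(basename "$dst")" > "$dst.sha256"
    chmod a-w "$dst"
}

# Demo on a constructed 64 KiB stand-in file so no real device is touched.
# On a real system SRC would be the phone's device (/dev/sdb in the thread).
demo() {
    work=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$work/fake_sdb" bs=1024 count=64 2>/dev/null
    image_device "$work/fake_sdb" "$work/dev.sdb.img"
    rc=$?
    rm -rf "$work"
    return $rc
}

demo && echo "demo image verified"
```

Working on copies of the verified image, and keeping the `.sha256` file with it, lets the image be re-checked later with `sha256sum -c`.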

cadogan222 03-30-2010 09:36 PM

sorry about how i described it.yeah i just want too make a image file of that partition of the phone and save it the desktop so i can save it.so this would be fine?:

dd if=/dev/sdb of=~/dev.sdb.img

i used ubuntu on and off for awhile,but doing the dd command always scares me.

