Flasher Box Forensics training

Are you using flasher boxes to remove handset security codes or to perform ‘hex dumps’ of handsets which aren’t supported by commercial forensic tools?

If you are, you are one of a growing number of phone forensic examiners who are using flasher boxes to help gain access to “troublesome devices”. However, it may be that you’re less than 100% confident in using tools where there is little in the way of formal training available. If you’re not currently using flasher boxes, you’re missing out on a technology which would allow you to recover more evidence from more devices than you can today.

Knowing which boxes to buy, how to set them up and use them safely is somewhat of a minefield. We would like to guide you through that minefield to ensure that you can safely retrieve more evidence from more devices than you can today with our new 3 day Flasher Box Forensics training course.

Find out more about the course here and drop us an email to register your interest

Guest lecture at Coventry University

Control-F Managing Director Kevin Mansell is delighted to have been invited to give a guest lecture at Coventry University on Tuesday  8th February to students on its B.Sc. Forensic & Investigative Studies. His talk will look at the compelling nature of digital evidence as well as the current and future challenges presented by mobile devices.

ICCID and IMSI Prefixes

The way in which country and service provider information is defined in the ICCID and IMSI identifiers found on SIM cards can be confusing and hard to remember. We’ve put together a list to help you (and us!) quickly confirm the “prefixes” used by different service providers in both types of number.

List of default SIM PINs

In response to a question we’re commonly asked, we’ve published a handy list of the default SIM PIN codes used by communications service providers. We’ve started with the UK service providers but will add those for other countries on request. Remember, there are 3 attempts to enter the SIM PIN before the card becomes “blocked” and the PUK has to be entered.

White paper on mobile phone video

To coincide with Managing Director Kevin Mansell’s presentation at the 2010 F3 Conference on the same topic, we have published a Mobile Phone Video White Paper for free download. The white paper, developed jointly with CCL-Forensics, provides an insight into the underlying structure of 3GP and MP4 video files commonly found on mobile phone handsets. The paper goes on to show that through greater understanding of the file formats, a more intelligent approach to finding and recovering deleted video can be applied.

Hex dump search tips

When you’re searching for anything (and let’s face it, it’s normally a set of keys isn’t it?!), it always helps to know what you’re looking for. That sounds pretty obvious but it’s very relevant for forensic examiners searching large volumes of data. For example, finding SMS messages in a hex dump of some Samsung handsets is a whole lot easier once you know that the keyword “DEADBEEF” appears within the memory dump in between SMS messages. Suddenly, finding deleted text messages got a whole lot easier!!

One question which often crops up during training courses and conference presentations is, “Where can I go to find out what these search terms and keywords are?”. Up until now, there hasn’t been a good answer to that question which is why we are now providing a page on the Control-F website to help people like yourselves find evidence more quickly.

The new page provides information on key types of data that you might want to search a memory dump for (e.g. ICCIDs, MMS messages etc.) along with different encoding schemes that we’ve encountered and search terms or regular expressions to save you time.

We hope that you find it useful and would love to hear your feedback (and receive contributions!). We use Gary Kessler’s file signature page all of the time and if this page becomes half as useful, we’ll be delighted.

Phone Forensics Deconstructed


This 3 day ‘next level’ mobile phone forensics course is designed to give phone examiners a greater understanding of the data they already retrieve, coupled with the skills to find and recover traces of the ever increasing Internet browsing, social networking and satnav usage with mobile phones. Find out more…

Memory Card Forensics Course


Running again 22-24 November 2010, this course is designed to teach mobile phone examiners how to retrieve deleted data from memory cards whilst ensuring compliance with the ACPO Principles of Digital Computer Based Evidence.  Without proper training and equipment this critical evidence could be overlooked.  Find out more …..

White Paper on Handset Imaging

Download our free white paper on recovering deleted data from specific phones – Kevin Mansell collaborated with Royal Military Police’s digital forensics unit in Portsmouth to publish a white paper for the F3 Annual Conference 11-13 November 2008. Titled ‘Recovering Deleted Data from FAT Partitions Within Mobile Phone Handsets Using Traditional Imaging’ the paper explores how deleted and unallocated data can quickly and easily be retrieved from the internal memory of certain handsets using easily accessible data cables and computer forensic imaging tools.