By Keith Newman
11 September 2006
A new breed of forensic tools, designed with the help of Whangarei-based
Thackray Forensics, can now access and clone the full contents of a
mobile phone or PDA within seconds.
Managing director John Thackray is one of a handful of qualified
instructors in the use of the .XRY toolkit worldwide and is the only
qualified instructor in the Southern Hemisphere. Since the launch of the
range of products from Micro Systemation (MSAB) he has trained
specialists in government and corporate organisations including the FBI,
the British Secret Service, Scotland Yard and the Italian police.
However he says the majority of New Zealand's law enforcement and
corporate agencies are still lagging in this area of technical
investigation. To date only the Customs Services and one other service
that cannot be named are using the technology other than Thackray
Thackray, a former British policeman, was originally imported to New
Zealand over a decade ago as the first full-time New Zealand Police
computer forensics expert and has not only helped develop the toolkit
but has also come up with operational procedures that are now being
He has just returned from teaching the Italian police how to use the
technology in their detection of terrorism and for forensic
investigation. In August he is off to train the Royal Canadian Mounted
Police on how to use the new electronic crime fighting tools.
He says the cellphone is taking over from the computer as the modern
criminal's preferred tool of trade with organised crime, drug dealing
and fraudsters using text messaging as their main means of
The major problem recovering information from cellphones in the past has
been the inability to access the myriad of models, operating systems and
protocols used by different manufacturers. "Even the same manufacturer
may have a variety of phones with diverse systems and there are up to 50
models released globally every month," says Thackray.
The new approach can access all models and operating systems to harvest
physical information from SIM cards and memory cards. "It is phenomenal
the amount of information that can come from cellphones including
deleted SMS messages, contact lists, and historical information about
the phone owner from a deep level on the computer chips."
In the corporate sector the toolkit is useful in detecting everything
from inappropriate text messaging on company phones to uncovering
industrial espionage and the theft of intellectual property. "It is not
uncommon now for a cellphone with a camera to have a 2Gb SD card to
store photographs, videos and data. You could steal a company's whole
database. The cellphone is becoming a high priority on the list of
things to get at a crime scene and is streamlining investigations."
However he warns people who're upgrading or selling their old cellphone
to be wary even though they may think they have wiped the memory data.
"I purchased six cellphones from a second hand outlet in Malaysia as
part of an exercise teaching their customs people. We got text messages,
contact lists and some very personal photographs. This is a real concern
in terms of privacy," says Thackray.
"Even after you have wiped your hard drive there's still information
there that people with the right tools and knowledge can retrieve and
you can buy cracked versions of these tools on the internet already."
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/