I’ve created a set forensics collection scripts for WebOS, based on a paper and presentation that I recently gave for a computer forensics class. They are able to image and mount each partition, collect evidence, and create a set of html reports.
Requirements:
- A WebOS Phone
- Linux environment
- WebOS SDK
- sleuthkit package, for searching slack space
- pv package, for providing a progress bar while creating images
- Python 2.6 or greater
I have tested these using Ubuntu 9.04 and 9.10 and my Palm Pre running WebOS 1.2.x. WebOS has recently been updated to version 1.3.1, so there may be a few minor bugs related to that. I have not tested these using the virtual machine provided with the SDK, though I expect that they would just need a bit of tweaking to work. Any Linux environment is fine, as long as the WebOS SDK can be installed on it.
There are a few bugs and shortcomings with this set of scripts:
• Timestamps stored on the phone are assumed to be from the same time zone as the host computer.
• Forwarded emails, replies, and emails with more than one recipient may show up multiple times.
• May have trouble handling Unicode characters in some fields.
Feel free to email me or leave a comment if you have questions or requests.
Released under GPLv2