Deconstructing BlackBerry files the easy way

According to Wikipedia, Rubus is a large genus of flowering plants in the rose family, Rosaceae, subfamily Rosoideae. Blackberries, raspberries, and dewberries are common, widely distributed members of the genus.

That’s why the tool is named Rubus. It’s a free tool that allows investigators to reverse engineer raw BlackBerry data.

So – why do you need it?

You probably know that BlackBerry phones create an .ipd file when the device is backed up, and that a number of forensic tools will parse contacts, SMS, etc. from these files. Standard tools, though, may not show you the whole picture.

Although some tools may enable analysts to look at the extra data in a hex editor, a raw hex view is unwieldy and presents the data without any meaningful structure. Rubus allows digital investigators to view all the data contained in the .ipd files in a structured fashion, providing access to a wealth of data that may prove crucial to a case.

What missing data?

Here’s an example. The third-party SMS application CrunchSMS stores messages in its own format in a table within the .ipd file – but they’re not stored in the BlackBerry’s SMS storage location. Rubus extracts this data and presents it in a usable format.

Where can I find it?

Rubus is available to download from our website, along with CCL’s other digital forensics software tools, Epilog and PIP. Remember, it’s free – so take a look and find out how it can help your case.
