Datarecovery.com has developed targeted recovery software for numerous cell phone operating systems, and with our background in computer forensics and flash media recovery, we are the leading option for mobile phone data recovery. Many of our clients attempt to recover text messages — not surprising, since the average smartphone owner sends about 30-60 texts per day.
We’re also called upon to recover text messages as evidence for court cases and other legal processes, and cell phone recovery is one of the fastest-growing segments of our business. In this article, I’ll detail some of the methods that we use to recover text messages from damaged cell phones. Some of these techniques are also used for other types of data associated with smartphones.
Getting Access to the Data On a Damaged Cell Phone
Of course, if someone’s calling Datarecovery.com, there’s a good chance that their cell phone has been damaged (either intentionally or accidentally). In order to start recovering text messages, we need to get access to the data on the phone, and that can be a difficult process.
Engineers use advanced tools and techniques to recover data from the device in wide ranging types of failures and damage. Depending on the damage, sometimes we can restore the device to a temporary functioning state to access the data somewhat natively (meaning that we can just plug in the phone and read the data as the manufacturer intended).
However, if there’s a severe underlying problem, the actual data may be damaged. Crippling damage to text message data may occur not only through physical or electrical means, but also through overwriting due to deletion, corruption, operating system updates, or factory resets. When native access is not an option, we’ll do whatever it takes to obtain a data image and work from there. Many repair techniques necessitate an ISO 5 cleanroom and other expensive equipment, so we’ll avoid a lengthy discussion of those methods for now.
Where are Text Messages Stored on a Modern Cell Phone?
Text messages are generally stored in smartphones in an SQLite database. This is true across various manufacturers, but unfortunately for our engineers, the database type is where the similarities end.
Each different cell phone model will typically have a different database schema, or table structure, in which it stores text message data. Now, commercial software tools exist that can help recover text message data from functioning SQLite databases — but options are slim when there is damage to the database.
To obtain as many text messages as possible from a damaged phone, we work with the raw data image and we use special software (developed in house) along with some manual data evaluation and analysis.
The first step is determining the definition of the database table containing the messages. This process will include deciphering how each of the components of a text message record are stored, including associated phone numbers, service center number, timestamps, and the message body.
The Text Message Record and Cell Phone Message Recovery
The second step includes the identification of a text message record. There can even be more than one format to account for. After we have a grip on this, we need to write the definition so that our recovery program will be able to identify message records, and interpret the various components correctly from raw data.
The identification of a text message record is crucial because in the uncertainty of raw data, defining the method used to find text messages will determine whether all the text messages are recovered; if the text message record is improperly defined, a significant number of messages may be missed.
We are extremely careful to ensure that our methods will not miss any potentially valuable text message, including damaged partial message records. We do this by using the lowest possible minimum requirements for identification in our algorithm while still ensuring that there are few false positives.
We then perform rigorous testing, performing numerous checks on known text message data areas we’ve discovered in separate analysis. Finally, after we’ve run our software, we complete a final comparison check between the text messages extracted and the text messages known in raw data. This allows our engineers to make sure that they have everything.
I need to stress that this thorough process and custom software solution really separates our service from the hardware and software products available commercially, and also from other forensic companies and law enforcement agencies that use them. We certainly have many commercial hardware/software products available in our laboratories, and we use them when appropriate.
However, our process allows us to recover more than any commercial product when required by the situation; by using a combination manual techniques and tailored software processing, we can perform a much more thorough text message recovery than any individual software or hardware tool. In a recent case, the best commercial software was able to find 2,098 text messages, while we recovered 3,756 valid messages – 79% more. I think this shows the value of experience; if you have a cellphone and need to recover missing text messages and other mobile data, you can be assured that Datarecovery.com will give you the best possible result.
For more information on our cell phone related services visit this page, or call us at 1.800.237.4200.
