DocumentCode :
2678345
Title :
BlackBerry IPD parsing for open source forensics
Author :
Fairbanks, Kevin ; Atreya, Kishore ; Owen, Henry
Author_Institution :
Sch. of Electr. & Comput. Eng., Georgia Inst. of Technol., Atlanta, GA, USA
fYear :
2009
fDate :
5-8 March 2009
Firstpage :
195
Lastpage :
199
Abstract :
In this paper, we present a framework for an open source BlackBerry Inter@ctive Pager Backup/Restore (IPD) file forensics tool. Our reasoning for developing an open source version of an IPD parser is to enhance the available open source forensic tools; an example of this category of tools is the Sleuth Kit. One intention of this work is to make users of BlackBerrys aware of the vulnerability of their information on their computers. Commercial tools such as the ABC Amber BlackBerry Converter application [6] presently exist. That commercial tool is able to gather the messages, contacts, SMS records, memos, call logs, and the task list from an IPD file. It then exports these records in a variety of forms. Another commercial tool by Paraben [4] can export data into closed source forensic tool kits such as Encase and FTK [5]. While still a work in progress, the preliminary results indicate that the method developed for extracting information is valid. The end goal of this research is to produce a model that can be adopted by open source forensic practitioners in their examinations and toolkit development.
Keywords :
file organisation; mobile computing; mobile handsets; public domain software; security of data; BlackBerry; IPD parser; Sleuth Kit; backup file forensics tool; interactive pager; open source forensics tool; restore file forensics tool; Forensics; Handheld computers;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Southeastcon, 2009. SOUTHEASTCON '09. IEEE
Conference_Location :
Atlanta, GA
Print_ISBN :
978-1-4244-3976-8
Electronic_ISBN :
978-1-4244-3978-2
Type :
conf
DOI :
10.1109/SECON.2009.5174075
Filename :
5174075