tag:blogger.com,1999:blog-8875668111631820725.post8372492036308748742..comments2023-04-06T05:14:38.033-04:00Comments on A Fistful of Dongles: A Cursory Look at Kindle ForensicsEric Huberhttp://www.blogger.com/profile/03501931630996986857noreply@blogger.comBlogger8125tag:blogger.com,1999:blog-8875668111631820725.post-5697894980165466012011-04-03T11:28:21.071-04:002011-04-03T11:28:21.071-04:00I wish I could answer your first question, but pre...I wish I could answer your first question, but pretty much everything I know about Kindle forensics was contained in the blog posts that I did on this subject. I haven't had time to revisit the topic for a more extensive review.<br /><br />I did the examination using EnCase, but you might be able to do some basic work using Access Data's FTK Imager tool which is a free download from Eric Huberhttps://www.blogger.com/profile/03501931630996986857noreply@blogger.comtag:blogger.com,1999:blog-8875668111631820725.post-18899276308760622532011-04-03T10:10:29.553-04:002011-04-03T10:10:29.553-04:00Further question, please could you tell me how you...Further question, please could you tell me how you manged to read what is in the index.db and other files. I have tried MS Access and am hoping to get to grips with PHP.<br />I think if I can open some of the Kindle system files they amy contain the data I am looking for.Unknownhttps://www.blogger.com/profile/00762641104697492443noreply@blogger.comtag:blogger.com,1999:blog-8875668111631820725.post-79296858861375917292011-04-03T10:08:22.489-04:002011-04-03T10:08:22.489-04:00I have filled my kindle with many many books some ...I have filled my kindle with many many books some of which I have read completely, some partially and some not at all. They are all jumbled together making it hard to find a book that I havent finished yet as this involves opening them individually.<br />Where is the "furthest" read location data stored and also the location of the maximum length? If I could access these in a table Unknownhttps://www.blogger.com/profile/00762641104697492443noreply@blogger.comtag:blogger.com,1999:blog-8875668111631820725.post-46975788770018233562010-07-07T15:06:07.106-04:002010-07-07T15:06:07.106-04:00Thank you for the article. For the anonymous post ...Thank you for the article. For the anonymous post above regarding reverse engineering collections. I'm in exactly the same boat as you. I found this article about the DX which is helpful, but it claims the hash is SHA-1 and is the document path relative to /mnt/us/documents. I've tried a relative path from my usb-mounted Kindle "documents" directory, but SHA-1 does not yield theDan Hartshornhttps://www.blogger.com/profile/16589964778610776045noreply@blogger.comtag:blogger.com,1999:blog-8875668111631820725.post-23760420875527591262010-06-18T17:31:56.221-04:002010-06-18T17:31:56.221-04:00Thanks for dropping by and commenting. What write...Thanks for dropping by and commenting. What write blockers do whether they are software or hardware based is to prevent any writes from occurring to the target device when an examiner is making an image.<br /> <br />I normally favor using hardware write blocking devices as a first choice, but there is a time and a place for write blocking via software methods.<br /> <br />By reading what I Eric Huberhttps://www.blogger.com/profile/03501931630996986857noreply@blogger.comtag:blogger.com,1999:blog-8875668111631820725.post-70401351735585759022010-06-18T00:50:37.461-04:002010-06-18T00:50:37.461-04:00Interesting. I came here trying to reverse enginee...Interesting. I came here trying to reverse engineer 2.5's Collections, and discovered instead what a USB Write Blocker is. So I assume the Kindle software wants to write to this file userannotlog, which I don't see otherwise, and your device stops the write?<br /><br />I see that Index.db is not what I thought it was. Interesting.<br /><br />So what I'm trying to figure out is Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8875668111631820725.post-63161762007743572182010-04-21T11:58:17.259-04:002010-04-21T11:58:17.259-04:00Thanks for the comment, Crosser!
The AZW format h...Thanks for the comment, Crosser!<br /><br />The AZW format has some sort of DRM baked into it to prevent sharing. What I'm *guessing* is the case is that when you order a book from Amazon, the AZW file is embedded with your Amazon account ID which only allows that ID to use the content.<br /><br />You're spot on about Kindle being essentially just another USB storage device when connectedEric Huberhttps://www.blogger.com/profile/03501931630996986857noreply@blogger.comtag:blogger.com,1999:blog-8875668111631820725.post-22405779657508838222010-04-20T20:18:15.810-04:002010-04-20T20:18:15.810-04:00I'm not sure what the limitations are on shari...I'm not sure what the limitations are on sharing documents with the Kindle, but I could envision it being likened to a mass storage device. Who's to say that someone couldn't store proprietary info on it, or other files that could be considered contraband. Additionally, it seems like electronic data could be transported rather inconspicuously given that, to most people, it's Crosserhttps://www.blogger.com/profile/11902606869063717715noreply@blogger.com