Acquiring data from Windows Phone devices is challenging since they are secure, and commercial forensic tools and open source methods do not provide easy solutions for forensic examiners like you. Multiple tools, chip-off, JTAG, and the methods we defined in this book are some of the methods that provide access to user data on Windows Phone devices. Often, you will find that Windows Phone devices require multiple extraction methods to acquire accessible data. The biggest challenge is getting access to the device to acquire the data. Once the data is available, all the extracted information can be analyzed by you.

In this chapter, we covered the interface, important features, and the security model of the Windows Phone device. Then, we had a look at the different partitions and folder structure within the Windows filesystem. The Windows Phone registry is similar to the registry in the Microsoft operating system. We saw how to extract data with and without using commercial tools and looked at some common Windows Phone forensic artifacts. With this knowledge, you can now extract user data from a Windows Phone using multiple extraction methods.

The next chapter will walk you through parsing third-party application files.