[Starkad]

Some background on this (today has been a nightmare)...

I just started for this company about 5 weeks ago as a blackberry admin, my predecessor was... inept. My company deals with PHI (patient health info), which is extremely confidential. We had a VP that was storing PHI on his blackberry (without telling us, and without setting a password on his blackberry...I've been pushing this as a priority project since the minute I walked in the door.). He lost this blackberry. Enter the Compliance department.

They are now GRILLING me on these things. I, of course, sent a poison pill to the bb handheld unit, but given that it was a 7280, and on a very old software rev (3.6 or 3.7 is my guess), I can't tell if it hit. Given this, they are now asking if forensic data retrieval could be used to get 'deleted information' from the unit. In other words, if the pill went through, could data be retrieved? I would assume no, since the memory on the unit is volatile, and would be deleted permanently. They also want to know if there's a third party app, or a setting/report somewhere that can verify if a handheld is wiped or not.

I've already put together a project to get every handheld in the company upgraded to 4.1, but it will take time, as I am the only person here that can do it. I've also got a project to set passwords... However, in the meantime, I need to deal with the fallout of this lost bb unit.

If anyone can point me to some place I can find this info, it would be greatly appreciated. I've tried searching around, but have come up empty so far.

Thanks in advance,
Mike

[KonTiki]

I am not 100% sure of this scenario but if prior to you sending the poison pill, the unit had been backedup, being that you had not password protection on it whatsoever, it is conceivable that it could be restored to another unit and read from there. Its far fetched but for sure plausible.

[ebgreen]

Take this question to RIM. If anyone has attempted or has the know how to pull data off of a wiped device it should be them.

[Starkad]

Thanks for the advice. I just kicked Cingular in the ass, and got through to RIM, here's their official answer:

Blackberry units use FlashROM. Whenever an email is deleted, or the unit wiped out, it is unrecoverable. Period. There is no way to get it back. To even further protect it, we can encrypt the data itself (at the price of speed), and require a password to access it.

Hope that helps anyone in the same situation.

[d_fisher]

Quote:

Originally Posted by Starkad

I've already put together a project to get every handheld in the company upgraded to 4.1, but it will take time, as I am the only person here that can do it. I've also got a project to set passwords...

I would try to implement your password protection scheme before upgrading the handheld software if at all possible. The upgrade is going to take longer while the password protection will give immediate results and can be enforced via policy.

[Starkad]

Unfortunately, the policy to enforce passwords has to go through multiple steering committee's, and several levels of approval. We're a medical firm, so we have all kinds of restrictions, and qualifications to get it implemented. We had a written policy, but not enforced at the server.

The policy for passwords should be finalized this week, and then it will take another month or two for full approval.

Have I mentioned how much I hate red tape and bureaucratic BS?

[d_fisher]

Quote:

Originally Posted by Starkad

Have I mentioned how much I hate red tape and bureaucratic BS?

Been there, done that, feel your pain.