| TULP2G - frequently asked questions |
|---|
This list answers some of the most-asked questions about TULP2G. The questions have been divided into several categories:
The version of this FAQ is 1.3, first published on Apr. 11 2006.
| Q: | What is TULP2G? |
| A: | TULP2G is a forensic software framework developed to make it easy to extract and decode data from digital devices. Besides the framework, it is distributed along with several plug-ins to read data from digital devices (at this point, mobile phones and SIM cards). For more information, see the About TULP2G-section on the frontpage. |
| Q: | Where can I get TULP2G? |
| A: | TULP2G is hosted on Sourceforge. There's a project page along with a file listing where all available files can be downloaded. |
| Q: | Where can I find more information on TULP2G? |
| A: | A paper has been published in the Fall 2005 issue of IJDE titled An Open Source Forensic Software Framework for Acquiring and Decoding Data Stored in Electronic Devices. It contains a technical description and tutorial. |
| Q: | Why is TULP2G open source software? |
| A: | One of our goals is to stimulate the development of forensic software tools (mostly in the field of retrieving data from embedded systems). To this end, we want to make the software we have written accessible to as large a group as possible. Releasing a piece of software as open source software allows everyone to view, use and modify our work. |
| Q: | Under what license is TULP2G released? |
| A: | The open source license TULP2G is released under is the BSD license. |
| Q: | Why was the BSD license chosen for this software? |
| A: | Because it's a very unrestrictive license, allowing various uses of the software, as well as (modified) redistribution in both source and/or binary form. Besides that it has a disclaimer and a non-endorsement clause. |
| Q: | What do I need to use TULP2G? |
| A: | Minimum requirements for the PC to run TULP2G 1.3 and up on is either Windows 2000 or XP, preferably with the latest patches and service packs installed, along with .NET 2.0. TULP2G is only tested on Windows XP. To use some of the new plug-ins introduced in the 1.1-release of TULP2G Windows XP SP2 is required. This is also the recommended configuration. To retrieve data from a mobile phone using the AT_ETSI or AT_SIEMENS protocol plug-ins, you need a datacable that is compatible with the phone, or a Bluetooth or IrDA connection. To use those last two modes of communication, either a Bluetooth or IrDA compatible communications device is required. To use the new OBEX and IRMC protocol plug-ins, an IrDA or Bluetooth adapter is required. These plug-ins require Windows XP SP2. Reading SIM-cards requires a PCSC-compatible smartcard-reader and possibly an adapter to convert the small-sized SIM-cards to general smartcard format. |
| Q: | Why are older platforms not supported? |
| A: | TULP2G is a .NET-application using the latest features of the underlying platform. We have chosen to do this because instead of focussing endlessly on compatibility issues with older platforms, we would rather make a lot of functionality available quickly. This is at the cost of requiring users to use the latest version of Windows. To us this is an acceptable trade-off. |
| Q: | How do I install TULP2G? |
| A: | Download the Windows-installer package and run it by doubleclicking on the file. The Windows-installer package of the latest version is called TULP2G-installer-1.3.0.3.msi and can be found at the project file listing. Please make sure your machine meets the system requirements. |
| Q: | What to do if the installation fails? |
| A: | First make sure you have administrator privileges on the machine you are trying to install TULP2G on. If you don't, ask your system administrator to either allow you to install it and give you the proper privileges or ask him to install it for you. These privileges are required because the TULP2G installer writes files to the Program Files and Windows\System32 directories, installs files in the .NET Global Assembly Cache, registers several COM components and writes some additional configuration information in the registry. If you have administrator access, are connected to a Windows domain and still cannot install TULP2G, check with your network administrator whether there are policies in place that may also prevent you from successfully installing TULP2G. If this is the case, ask your network administrator to allow you to install TULP2G on your machine. If you still cannot install TULP2G, please enter your situation as a support request in our support tracker. We will contact you shortly after such a request if additional help is available. |
| Q: | What to do about the following error during installation: "Error writing to file: TULP2G.Export.XML.dll. Verify that you have access to that directory."? |
| A: | This error occurs when you do not have the .NET 2.0 Framework installed. Cancel the installation and run Windows Update. Under "Software, Optional", the .NET 2.0 Framework should be available. Select, download and install it and after a possible reboot the TULP2G installer should run correctly. |
| Q: | What to do if casefiles are not correctly saved? |
| A: | There are two known causes for this. The most common is that TULP2G is installed on a machine where a previous version of TULP2G was not uninstalled before installation. If this is the case, uninstall all versions of TULP2G and install the desired version of TULP2G again. |
| A: | In TULP2G 1.3.0.3 it is possible to remove the TULP2G.SystemPlugins-component from the "Manage Plug-ins..."-dialog. This component however contains the functionality to write case files to disk, so removing it will prevent TULP2G from saving case files. In the next version in TULP2G, removing the TULP2G.SystemPlugins will be disabled again. |
| Q: | Why don't casefiles created with the 1.0 release of TULP2G validate with 1.1? |
| A: | Because of the bug in the hashing functionality of the 1.0 framework, most of the hashes calculated using that version of the framework are incorrect. Loading such a casefile using TULP2G 1.1 returns an error because the incorrect hashes in the casefile don't match the correct hashes calculated by the framework. To load a 1.0 casefile, make sure TULP2G is closed. Next, open the config.xml-file in the installation directory. Change the value of the validatehashes-element to false. Start TULP2G and load the old casefile. No error should be reported this time because the hashes are no longer validated. Next, save the casefile again. Close the framework and return to the config.xml-file to reset the validatehashes-element to true, so on the next and consecutive runs, TULP2G validates the hashes in casefiles again. |
| Q: | Where is the PCSC Communication plug-in after running the installer? |
| A: | There is a bug in the 1.0 release of TULP2G that causes the PCSC Communication plug-in to not be installed after running the installer. This has been fixed in the 1.1 release, but if you're using the 1.0 release or if it still occurs with a newer release, you can install the plug-in manually. Run TULP2G and on the first tab (Tulp2G), click Manage Plug-ins..., click Add... and select the file called TULP2G.Communication.PCSC.dll. Next click Open. The PCSC Communication plug-in should be installed and available now. |