Recover Deleted Messages with Elcomsoft Blackberry Backup Explorer

How to Use Elcomsoft BlackBerry Backup Explorer — Step‑by‑Step TutorialElcomsoft BlackBerry Backup Explorer is a forensic and recovery tool that lets you extract, examine, and recover data from BlackBerry backups (IPD and BBB files). This step‑by‑step tutorial walks through preparing your environment, opening BlackBerry backups, navigating data categories, recovering deleted items (when possible), exporting evidence, and best practices for handling sensitive data.

---

Before you begin — requirements and preparation

• Supported files: IPD (BlackBerry Desktop Manager backup) and BBB (BlackBerry 10 / modern device backup) files.
• Operating system: Windows (check Elcomsoft’s site for the latest compatibility).
• Licensing: You need a valid Elcomsoft BlackBerry Backup Explorer license; the software typically offers trial and commercial versions.
• Security: Work on a copy of the original backup file — never modify the original.
• Environment: Use an isolated machine or forensic workstation for sensitive or evidentiary work.
• Password/Encryption: If the backup is password protected, have the password. If you don’t have the password, Elcomsoft offers separate password‑recovery tools (e.g., Elcomsoft Phone Breaker or Elcomsoft Distributed Password Recovery) that can help—but those are separate products and may require legal authorization.

---

Installing and launching the software

1. Download the installer from Elcomsoft’s official site and run it.
2. Follow the installer prompts and accept the license agreement.
3. Launch Elcomsoft BlackBerry Backup Explorer from the Start menu or desktop shortcut.
4. If prompted, activate the product with your license key (or choose trial mode if available).

---

Opening a BlackBerry backup file

1. Click File > Open Backup (or use the Open button on the toolbar).
2. In the file dialog, select the IPD or BBB backup file you want to analyze.
3. If the backup is encrypted, enter the backup password when requested. If you don’t have the password, the application will not decrypt protected content until a correct password is supplied or recovered.

What to expect after opening:

• The app will parse the backup and display a tree view of data categories (Contacts, Call History, Messages, Calendar, Files, Applications, etc.).
• Parsing time depends on backup size and system speed.

---

Navigating the interface and key data sections

• Left pane: hierarchical tree of data categories and sources (device, SIM, media).
• Right pane: item list and details for the selected category.
• Preview pane: quick view of the selected item (message content, contact details, image preview).
• Toolbar and menu: export, search, filter, options, and report generation.

Important sections to check:

• Contacts — phone numbers, email addresses, notes, linked accounts.
• Messages (SMS, MMS, BlackBerry Messenger) — timestamps, sender/recipient, attachments.
• Call history — missed, incoming, outgoing calls with timestamps and durations.
• Calendar — events, attendees, alarms, recurrence rules.
• Files and Multimedia — pictures, videos, documents stored on the device.
• Applications — app data and settings where applicable.

---

Searching and filtering data

• Use the global search box to search across all categories for names, phone numbers, keywords, or message text.
• Use category filters to limit results by date range, message type, or file type.
• Sorting: click column headers to sort by date, name, size, etc.

Practical tip: Combine date filters with keyword searches to quickly locate time‑bound events (e.g., messages around a specific incident).

---

Viewing and previewing items

• Select an item in the list to show details in the preview pane. For messages, the app displays conversation threads and attached files.
• Double‑click images, documents, or media to view them in full resolution or open them with associated system viewers.
• Right‑click an item to see context actions (export, copy, view properties).

---

Recovering deleted items

• The ability to recover deleted items depends on what was stored in the backup. Backups sometimes include deleted data if the device or backup process retained it.
• Look for special folders or views labeled “Deleted items” or use filters that include removed entries.
• If deleted data is not present in the backup file, you cannot recover it with BlackBerry Backup Explorer alone — recovery would require access to the original device or lower‑level forensic tools.

---

Exporting data and creating reports

1. Select single items, multiple items (Ctrl/Shift), or an entire category.
2. Click Export or File > Export Selected. Choose an export format: CSV, XML, PDF, text, or native file formats (for media).
3. For messages and contacts, choose whether to include attachments and metadata (timestamps, source paths).
4. For forensic reporting, use the built‑in report generator to produce a structured PDF or HTML report that includes exported evidence and metadata.

Export best practices:

• Export in native formats where possible (e.g., pictures as JPG/PNG, messages as EML or CSV) to preserve content and metadata.
• Keep a checksum (MD5/SHA1) of exported files if you need to prove evidence integrity.

---

Working with attachments and media

• Attachments are usually accessible directly from message previews. Right‑click and Export attachment to save.
• Large media may be stored in a separate files section — export whole folders or individual media items.
• Verify exported media opens correctly; maintain original timestamps and metadata when possible.

---

Handling password‑protected backups

• If the backup is password protected and you have the password, enter it when prompted to decrypt the file.
• If you do not have the password, consider legally authorized password recovery using Elcomsoft’s password‑recovery products. These use GPU acceleration and distributed computing to speed up brute‑force, dictionary, or rule‑based attacks. Legal restrictions and privacy considerations apply.

---

Chain of custody and forensic considerations

• Always document steps taken: who accessed the backup, when, what copies were made, and which exports occurred.
• Work on copies and retain the original backup in secure storage.
• Use write‑blockers or read‑only mounts when interacting with storage devices in a forensic workflow.
• Record hash values of originals and exported artifacts.

---

Troubleshooting common issues

• “Cannot open file” — confirm file is not corrupted and is an IPD/BBB backup. Try opening with a different machine or check file integrity (hash).
• “Incorrect password” — verify character case and keyboard layout; consider password recovery if authorized.
• Missing data — check other backup files; some data may be in separate backups or on the device only.
• Parsing errors — update the software to the latest version; contact Elcomsoft support if a specific backup format isn’t parsed correctly.

---

Alternatives and complementary tools

• Elcomsoft Phone Breaker — for extracting cloud accounts and backups where applicable.
• Mobile forensic suites (e.g., Cellebrite, Magnet AXIOM) — for broader device acquisition and analysis.
• File recovery tools — if working directly with storage media to attempt undelete operations.

Comparison (quick):

Task	BlackBerry Backup Explorer	Device-level forensic tools
Read IPD/BBB backups	Yes	Sometimes (depends on tool)
Recover deleted from backup	Limited (if present)	Better for device-level recovery
Export reports	Yes	Yes (often more features)
Password recovery	No (requires separate Elcomsoft tools)	Varies

---

Example workflow (concise)

1. Create a hash and copy of the original backup file.
2. Open the copy in Elcomsoft BlackBerry Backup Explorer.
3. Search and filter messages by date and keyword.
4. Preview and export selected conversations with attachments.
5. Generate a PDF report including hashes and metadata.
6. Store exports and notes in secure evidence storage.

---

Closing notes

Elcomsoft BlackBerry Backup Explorer is a focused tool for extracting and analyzing data from BlackBerry backups. Its strengths are parsing the backup structure, previewing and exporting messages, contacts, and media, and generating reports. For password recovery, device‑level acquisition, or advanced deleted‑file recovery you may need Elcomsoft’s complementary products or full mobile‑forensic suites.