Tags: forensics 


Our forensics team has analyzed the cell phone of a bank fraud victim. A hacker managed to steal her money with fraudulent bank transfers. The bank representatives think that the hacker hijacked SMS containing payment tokens, used to verify customer identity prior to sensitive operations. Apparently, the victim bought a second-hand and already rooted (Cyanogen OS) phone on eBay. During the acquisition stage, our team made a bit-wise copy of the internal storage, but something went wrong during the process. After taking the victim's cell phone, we made a backup of the internal storage but it hasn't been We need your help to recover the data and find how the intrusion occurred.

Original writeup (https://github.com/hexpresso/WU-2016/tree/master/nuit-du-hack-ctf-quals-2016/forensic/WhoAmI).