The National Institute of Standards and Technology (NIST) has tested a new method for directly accessing a smartphone's memory chips despite the phone being damaged or destroyed by criminals trying to conceal evidence of a crime, thereby making it difficult for forensic experts to extract data.
The study may lead to data that could be presented as evidence in court and help labs choose the right tools for the job as some methods tested work better than others depending on the phone, the type of data and the extent of damage.
The study loaded data onto 10 Android models of smartphones and then extracted the data. Then researchers damaged the phone and extracted the data again. The team did this to determine if the extracted data matched the original data or if there were changes in the data. Data included photos, messages and social media apps such as Facebook and LinkedIn. The phones were also loaded with contacts and GPS data.
Researchers used two methods to extract data: the JTAG method, where a circuit board is connected to the chips by soldering wires that forensic investigators can use to extract data; and a “chip-off” method that involved connecting to small metal taps that provide access to data on the chips.
The chip extractions were conducted by the Fort Worth Police Department Digital Forensic Lab and VTO Labs, a private forensics company in Colorado. These organizations sent the extracted data back to the NIST, which then conducted the JTAG extractions.
The team used eight different forensic software tools to interpret the raw data, generating contacts, locations, texts, photos, social media data and more. That data was then compared to the data originally loaded onto each phone.
The comparison showed that both JTAG and chip-off methods extracted the data without altering it, but also showed that some software tools were better at interpreting the data than others, especially from social media apps.
“Many labs have an overwhelming workload, and some of these tools are very expensive,” said Rick Ayers, the NIST digital forensics expert who led the study. “To be able to look at a report and say, this tool will work better than that one for a particular case — that can be big advantage.”