Mobile Devices

Extracting forensic data from damaged smartphones

30 January 2020
A NIST computer scientist holds a mobile phone that has been damaged by gunfire. Source: NIST

The National Institute of Standards and Technology (NIST) has tested a new method for directly accessing a smartphone's memory chips even when the phone has been damaged or destroyed by criminals trying to conceal evidence of a crime, damage that makes it difficult for forensic experts to extract data.

The study may lead to data that could be presented as evidence in court and help labs choose the right tools for the job, as some of the methods tested work better than others depending on the phone, the type of data and the extent of damage.

The study loaded data onto 10 models of Android smartphones and then extracted the data. Researchers then damaged the phones and extracted the data again. The team did this to determine whether the extracted data matched the original data or had changed. The data included photos, messages and social media apps such as Facebook and LinkedIn. The phones were also loaded with contacts and GPS data.

Researchers used two methods to extract data: the JTAG method, where a circuit board is connected to the chips by soldering wires that forensic investigators can use to extract data; and a “chip-off” method that involved connecting to small metal taps that provide access to data on the chips.

The chip extractions were conducted by the Fort Worth Police Department Digital Forensic Lab and VTO Labs, a private forensics company in Colorado. These organizations sent the extracted data back to NIST, which then conducted the JTAG extractions.

Digital forensic experts extract data from damaged smartphones using the JTAG method. Source: NIST

The team used eight different forensic software tools to interpret the raw data, generating contacts, locations, texts, photos, social media data and more. That data was then compared to the data originally loaded onto each phone.

The comparison showed that both JTAG and chip-off methods extracted the data without altering it, but also showed that some software tools were better at interpreting the data than others, especially from social media apps.

“Many labs have an overwhelming workload, and some of these tools are very expensive,” said Rick Ayers, the NIST digital forensics expert who led the study. “To be able to look at a report and say, this tool will work better than that one for a particular case — that can be a big advantage.”

To contact the author of this article, email PBrown@globalspec.com

