
Burn, drown, or smash your phone: Forensics can extract data anyway



Even if criminals try to destroy the evidence, NIST finds forensic experts can still extract data from a damaged phone. This is how they do it.


Computer Scientist Rick Ayers working on a mobile phone data extraction at the National Institute of Standards and Technology (NIST) on January 30, 2020. Photo credit: Rich Press/NIST.


Damaged mobile phones are still filled with plenty of useful data, according to researchers at the National Institute of Standards and Technology (NIST), which is part of the U.S. Department of Commerce. NIST published the results of a recent study on forensic methods for getting data from damaged mobile phones. It tested the tools that law enforcement uses to hack phones and found that even if criminals attempt to destroy the evidence by burning, drowning, or smashing their phones, forensic tools can still successfully extract data from the phone's electronic components.


"If the phone has some structural damage or thermal damage, or liquid damage, you're still able to sometimes bypass that," says Rick Ayers, the NIST digital forensics expert who led the study. He told ZDNet that modern forensic techniques are effective, although that hasn't always been the case.

The Evolution of Mobile Forensics

Ayers has been working on mobile forensics for the United States government for the last 17 years. During that time, he witnessed the evolution of mobile phones and the forensic tools that are used to investigate them. He started back in 2003 with PDAs (personal digital assistants) such as Palm Pilots and the Windows Mobile PDA, then basic feature phones, and the first iPhones.


While early mobile devices were groundbreaking at the time, they had limited capabilities and therefore didn't carry much useful evidence for law enforcement. They had phone logs, some texts, and perhaps a few photos. Plus, there weren't many reliable forensic tools for extracting data. The tools that did exist weren't standardized, so they could only be used on certain makes and models, such as a tool that could only hack a Nokia phone.


Now, Ayers says, there is a plethora of evidence on mobile phones and better, more universal tools for extracting that data.


"Essentially, everybody's carrying around a workstation in their pocket," Ayers says.


The capabilities that consumers enjoy on modern smartphones also come in handy for criminal investigations. We're all leaving behind a digital trail of where we've been, who we communicate with, what we buy, and much more. All of the apps, videos, and internet browsing that we do on our phones come along with metadata that can be extracted with modern forensic methods.

How NIST Tested Forensic Methods

The researchers put data on phones and then attempted to extract it using forensic tools.


Ayers explains, "We have a testbed of about 40 or 50 of a variety of Android and iOS devices and feature phones and we populate each one of those phones so we know exactly what's on the phone. We use each one of those phones just like a normal user would."



NIST computer scientist Jenise Reyes-Rodriguez uses the JTAG method to acquire data from a damaged mobile phone.


They added contacts, social media apps with fake accounts, and created multiple accounts to talk back and forth to each other. They drove around with the phones so that GPS data would be added. They added data and deleted it so they could test whether the tools could extract both active and deleted data.


Then, they used two forensic techniques to break into the phones to see if the data could be recovered.

Two Ways to Hack a Damaged Phone

"The JTAG and chip-off method are two techniques that allow you to get a byte for byte memory dump of the data that is contained on a mobile device," says Ayers.


NIST computer scientist Jenise Reyes-Rodriguez performed the JTAG procedure on site.


JTAG stands for Joint Task Action Group, the industry association that formed to create a standard for the manufacturing of Integrated Circuits. The NIST study only included Android devices because most Android devices are "J-taggable," while iOS devices aren't. The forensic technique takes advantage of taps, short for test access ports, which are usually used by manufacturers to test their circuit boards. By soldering wires onto taps, investigators can access the data from the chips.

To perform a JTAG extraction, Reyes-Rodriguez first broke the phone down to access the printed circuit board (PCB). She carefully soldered thin wires the size of a human hair onto small metal components called taps, which are about the size of a tip of a thumbtack.


"JTAG is very tedious and you do need a lot of training," says Ayers. "You need to have good eyes and very steady hand."


The researchers compared JTAG to the chip-off method, which is another forensic technique. While JTAG work was done at NIST, the chip-off extraction was conducted by the Fort Worth Police Department Digital Forensics Lab and a private forensics company in Colorado called VTO Labs. (See our previous coverage of their drone forensics work here.)


Delicate metal pins connect chips to a phone's circuit board. An older version of the chip-off method involved experts gently pulling the chips off a PCB, but this risked damaging the tiny pins, which made it impossible to get the data. For the newer chip-off technique, forensic experts grind down the PCB to the pins underneath the chip and then put the chip in a reader.


Ayers explains, "That's going to give you more data than compared to a logical file extraction done through software."



Digital forensics experts can often extract data from damaged mobile phones using the JTAG method.


Results of the Study

After the data was extracted, Ayers and Reyes-Rodriguez used forensic software to interpret the data. They recovered contacts, locations, social media data, etc. and compared it to the original data that they had loaded onto the phones. They concluded that both JTAG and chip-off methods effectively extracted data from phones.


This study focused on the forensic tools that are used to extract data, but it didn't focus on how to get past encrypted data. However, the researchers note that law enforcement agents are often able to retrieve criminals' passwords during the investigation.


The full reports from the study are available on the Department of Homeland Security's cyber forensics website.




Edited by aum

That's why you take a sledgehammer to it before you put it in the trash.


Tech Experts Think You Should Take A Sledgehammer To Your Old Phone



PCs are no better if they have not been encrypted with open source encryption. With non-encrypted PCs, even a layman off the street can download some software to recover files, so you need to smash your hard drives or SSD before you get rid of them. The law has tech to crack passwords for encryption on smartphones, but if you're stupid enough to use a smartphone to commit crimes, you knew the risk that you may get busted before you did it, so that's your own fault. Encryption was never meant to evade the law; it was meant to protect you against hackers and thieves. I doubt they have millions of dollars to crack them.

Edited by steven36

1 hour ago, Edward Raja said:

I would rather burn the stuff in fire and let it burn completely.

Best to smash them up before you burn them



Know the phone you want to destroy and know that no electronics can beat physical destruction. So first of all, remove the storage card (if it has one) and smash it to smithereens with a hammer or some such. Then set fire to it. In this case, know where the motherboard of the phone in question is located and set them on fire together.


It may be wise to remove the battery first if possible, as they may explode when set on fire - but then, maybe not, if you're a safe distance away and behind a protective screen. Still, info may be retrieved from the cloud storage if the account is known. So if it's your own phone, first delete anything that may be on the cloud, then proceed to destroying the hardware. If it's someone else's phone, you have no guarantee. That's the whole logic behind "the cloud". Suck it up.


The other problem is there are so many idiots backing up their smartphones to the cloud that's not even encrypted that, if you were trying to evade the law, they still most likely will get access to your data. Even hackers have stolen lots of stuff from iCloud and leaked it on the internet, and the hackers never even had physical possession of their phones. Many people's info is for sale on the darknet anymore. So the only thing that is 100% safe is to stop using the internet. :clap:


The last junk PC I had, I just pulled the HD out and put it in another computer so there was nothing in it to find; unless the hard drive has been damaged it can be reused. I think it's kind of just being paranoid; most used phones on the market were sold in working condition. Also many people get their phones stolen in working condition, so that's why they need to be encrypted. Landfills are full of e-waste garbage for years and years that never gets recycled, much less the info on them recovered by anyone. Most data recovered from phones and PCs is because they resold it or donated it instead of throwing it away, or they were stolen. But it's better to be paranoid than sorry, but if someone steals it you have no way to destroy it, and it happens often.


Is The Data On Your Business' Digital Devices Safe?

According to a report by Kensington, one laptop is stolen every 53 seconds, and over 70 million cell phones are lost each year. These startling statistics make one wonder how safe and secure the data on their digital device actually is?


Sure, passwords and pass codes help to protect these digital devices from security breaches, but they are not a failsafe way to guard your confidential information against getting into the wrong hands. For businesses, this can be detrimental to a brand as customer data can be at risk or personnel files can become exposed putting your entire staff in a precarious situation.


Source: https://www.forbes.com/sites/steveolenski/2017/12/08/is-the-data-on-your-business-digital-devices-safe/


Data Shows Cell Phones Are Being Stolen at Alarming Rate



So the reality is you're more likely to lose your smartphone or have someone steal it than if you threw it in the trash at home and someone found it. Most dumpster divers are not going to dig in trash bags; they look for loose rubbish of some value. An old PC may get pulled out of the trash by a Linux user or something, but they're so big most people never put them in a trash bag.

Edited by steven36