aum Posted February 1, 2020 Share Posted February 1, 2020 Even if criminals try to destroy the evidence, NIST finds forensic experts can still extract data from a damaged phone. This is how they do it. Computer Scientist Rick Ayers working on a mobile phone data extraction at the National Institute of Standards and Technology (NIST) on January 30, 2020. Photo credit: Rich Press/NIST. Damaged mobile phones are still filled with plenty of useful data, according to researchers at the National Institute of Standards and Technology (NIST), which is part of the U.S. Department of Commerce. NIST published the results of a recent study on forensic methods for getting data from mobile damaged mobile phones. It tested the tools that law enforcement uses to hack phones and found that even if criminals attempt to destroy the evidence by burning, drowning, or smashing their phones, forensic tools can still successfully extract data from the phone's electronic components. "If the phone has some structural damage or thermal damage, or liquid damage, you're still able to sometimes bypass that," says Rick Ayers, the NIST digital forensics expert who led the study. He told ZDNet that modern forensic techniques are effective, although that hasn't always been the case. The Evolution of Mobile Forensics Ayers has been working on mobile forensics for the United States government for the last 17 years. During that time, he witnessed the evolution of mobile phones and the forensic tools that are used to investigate them. He started back in 2003 with PDAs (personal digital assistants) such as palm pilots and the Windows mobile PDA, then basic feature phones, and the first iPhones. While early mobile devices were groundbreaking at the time, they had limited capabilities and therefore didn't carry much useful evidence for law enforcement. They had phone logs, some texts, and perhaps a few photos. Plus, there weren't many reliable forensic tools for extracting data. The tools that did exist weren't standardized, so they could only be used on certain makes and models, such as a tool that could only hack a Nokia phone. Now, Ayers says, there is a plethora of evidence on mobile phones and better, more universal tools for extracting that data. "Essentially, everybody's carrying around a workstation in their pocket," Ayers says. The capabilities that consumers enjoy on modern smartphones also come in handy for criminal investigations. We're all leaving behind a digital trail of where we've been, who we communicate with, what we buy, and much more. All of the apps, videos, and internet browsing that we do on our phones comes along with metadata that can be extracted with modern forensic methods. How NIST Tested Forensic Methods The researchers put data on phones and then attempted to extract it using forensic tools. Ayers explains, "We have a testbed of about 40 or 50 of a variety of Android and iOS devices and feature phones and we populate each one of those phones so we know exactly what's on the phone. We use each one of those phones just like a normal user would." NIST computer scientist Jenise Reyes-Rodriguez uses the JTAG method to acquire data from a damaged mobile phone. They added contacts, social media apps with fake accounts, and created multiple accounts to talk back and forth to each other. They drove around with the phones so that GPS data would be added. They added data and deleted it so they could test whether the tools could extract both active and deleted data. Then, they used two forensic techniques to break into the phones the see if the data could be recovered. Two Ways to Hack a Damaged Phone "The JTAG and chip-off method are two techniques that allow you to get a byte for byte memory dump of the data is contained on a mobile device," says Ayers. NIST computer scientist Jenise Reyes-Rodriguez performed the JTAG procedure on site. JTAG stands for Joint Task Action Group, the industry association that formed to create a standard for the manufacturing of Integrated Circuits. The NIST study only included Android devices because most Android devices are "J-taggable," while iOS devices aren't. The forensic technique takes advantage of taps, short for test access ports, which are usually used by manufacturers to test their circuit boards. By soldering wires onto taps, investigators can access the data from the chips. To perform a JTAG extraction, Reyes-Rodriguez first broke the phone down to access the printed circuit board (PCB). She carefully soldered thin wires the size of a human hair onto small metal components called taps, which are about the size of a tip of a thumbtack. "JTAG is very tedious and you do need a lot of training," says Ayers. "You need to have good eyes and very steady hand." The researchers compared JTAG to the chip-off method, which is another forensic technique. While JTAG work was done at NIST, the chip-off extraction was conducted by the Fort Worth Police Department Digital Forensics Lab and a private forensics company in Colorado called VTO Labs. (See our previous coverage of their drone forensics work here.) Delicate metal pins connect chips to a phone's circuit board. An older version of the chip-off method involved experts gently pulling the chips off a PCB, but this risked damaging the tiny pins, which made it impossible to get the data. For the newer chip-off technique, forensic experts grind down the PCB to the pins underneath the chip and then put the chip in a reader. Ayers explains, "That's going to give you more data than compared to a logical file extraction done through software." Digital forensics experts can often extract data from damaged mobile phones using the JTAG method. Results of the Study After the data was extracted, Ayers and Reyes-Rodriguez used forensic software to interpret the data. They recovered contacts, locations, social media data, etc. and compared it to the original data that they had loaded onto the phones. They concluded that both JTAG and chip-off methods effectively extracted data from phones. This study focused on the forensic tools that are used to extract data, but it didn't focus on how to get past encrypted data. However, the researchers note that law enforcement agents are often able to retrieve criminals' passwords during the investigation. The full reports from the study are available on the Department of Homeland Security's cyber forensics website. Source Link to comment Share on other sites More sharing options...
steven36 Posted February 1, 2020 Share Posted February 1, 2020 Thats why you take a Sledgehammer to it before you put it in trash . Tech Experts Think You Should Take A Sledgehammer To Your Old Phone https://www.forbes.com/sites/kateashford/2015/07/31/old-phone/#311e8e476754 PCs are no better if they not been encrypted with open source encryption. non encrypted PCs even a layman off the street can download some software to recover files so you need to smash ye Hard Drives or SSD before you get rid of it . The Law have tech to crack passwords for encryption on smart phones but if you stupid enough to use a smart phone to commit crimes you knew the risk that if you commit crimes that you may get busted before you done it so thats your own fault . Encryption was never meant to evade the law it was meant to protect you against Hackers and thieves i doubt they have millions of dollars to crack them . Link to comment Share on other sites More sharing options...
Guest Posted February 1, 2020 Share Posted February 1, 2020 I would rather burn the stuff into fire and let it burned completely. Link to comment Share on other sites More sharing options...
mp68terr Posted February 1, 2020 Share Posted February 1, 2020 The PCBs do not look much damaged in the pics. Link to comment Share on other sites More sharing options...
steven36 Posted February 1, 2020 Share Posted February 1, 2020 1 hour ago, Edward Raja said: I would rather burn the stuff into fire and let it burned completely. Best to smash them up before you burn them Quote Know the phone you want to destroy and know that no electronics can beat physical destruction. So first of all, remove the storage card (if it has one) and smash it to smithereens with a hammer or some such. Then set fire to it. In this case, know where the motherboard of the phone in question is located and set them on fire together. Quote It may be wise to remove the battery first if possible, as they may explode when set on fire - but then, maybe not, if you're a safe distance away and behind a protective screen. Still, info may be retrieved from the cloud storage if the account is known. So if it's your own phone, first delete anything that may be on the cloud, then proceed to destroying the hardware. If it's someone else's phone, you have no guarantee. That's the whole logic behind "the cloud". Suck it up. The other problem is they so many idiots backing up there smartphone to the cloud that not even encrypted that if you was trying evade the law they still most likely will get access to your data . Even hackers have stole lots of stuff from icloud and leak it on the internet and the hackers never even had physical possession of there phone . Many peoples info is for sale on the darknet anymore So only thing is 100% safe is stop using the internet. Last Junk PC i had i just pulled HD out and put in another computer so they was nothing in it to find , unless the hard drive been damaged it can be reused I think its kind of just being paranoid most used phones on the market were sold in working condition . Also many people get there phones stolen in working condition so thats why they need to be encrypted. Land fields are full of e-waste garbage for years and years that never gets recycled much less the info on them recovered by anyone .Most data recovered from phones and PCs is because they resold it or donated instead of throwing it away , are they was stolen . But it's better to be paranoid than sorry but if someone steals it you have no way to destroy it and it happens often. Is The Data On Your Business' Digital Devices Safe? According to a report by Kensington, one laptop is stolen every 53 seconds, and over 70 million cell phones are lost each year. These startling statistics makes one wonder how safe and secure the data on their digital device actually is? Sure, passwords and pass codes help to protect these digital devices from security breaches, but they are not a failsafe way to guard your confidential information against getting into the wrong hands. For businesses, this can be detrimental to a brand as customer data can be at risk or personnel files can become exposed putting your entire staff in a precarious situation. Source: https://www.forbes.com/sites/steveolenski/2017/12/08/is-the-data-on-your-business-digital-devices-safe/ Data Shows Cell Phones Are Being Stolen at Alarming Rate https://www.nbcsandiego.com/news/local/data-shows-cell-phones-are-being-stolen-at-alarming-rate/146918/ So reality is your more likely to lose your smartphone or someone steal it than if you threw it in the trash at home and someone find it. Most dumpster divers are not going to dig in trash bags they look for lose rubbish of some value .A old PC may get pulled out the trash by a Linux user or something but there so big most people never put them in a trash bag. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.