This research was funded by NIST and the Department of Homeland Security’s Cyber Forensics Project. “To be able to look at a report and say, this tool will work better than that one for a particular case - that can be big advantage.” “Many labs have an overwhelming workload, and some of these tools are very expensive,” Ayers said. Forensics labs around the country use CFTT reports to ensure the quality of their work. ![]() Called CFTT, this project has subjected a wide array of digital forensics tools to rigorous and systematic evaluation. This study, and the resulting reports, are part of NIST’s Computer Forensics Tool Testing project. ![]() The results are published in a series of freely available online reports. Those apps are constantly changing, making it difficult for the toolmakers to keep up. The comparison showed that both JTAG and chip-off extracted the data without altering it, but that some of the software tools were better at interpreting the data than others, especially for data from social media apps. They then compared those to the data originally loaded onto each phone. NIST computer scientist Jenise Reyes-Rodriguez did the JTAG extractions.Īfter the data extractions were complete, Ayers and Reyes-Rodriguez used eight different forensic software tools to interpret the raw data, generating contacts, locations, texts, photos, social media data, and so on. The chip-off extractions were conducted by the Fort Worth Police Department Digital Forensics Lab and a private forensics company in Colorado called VTO Labs, who sent the extracted data back to NIST. “But it’s one of those things where everyone just did it one way until someone came up with an easier way.” This is like stripping insulation off a wire, and it allows access to the pins. A few years ago, experts found that instead of pulling the chips off the circuit board, they could grind down the opposite side of the board on a lathe until the pins were exposed. If you damage them, getting the data can be difficult or impossible. Experts used to do this by gently plucking the chips off the board and seating them into chip readers, but the pins are delicate. This is called the JTAG method, for the Joint Task Action Group, the manufacturing industry association that codified this testing feature.Ĭhips connect to the circuit board via tiny metal pins, and the second method, called “chip-off,” involves connecting to those pins directly. Manufacturers use those taps to test their circuit boards, but by soldering wires onto them, forensic investigators can extract data from the chips. The first method takes advantage of the fact that many circuit boards have small metal taps that provide access to data on the chips. They added GPS data by driving around town with all the phones on the dashboard.Īfter the researchers had loaded data onto the phones, they used two methods to extract it. They entered contacts with multiple middle names and oddly formatted addresses to see if any parts would be chopped off or lost when the data was retrieved. They took photos, sent messages and used Facebook, LinkedIn and other social media apps. They had to add the data the way a person normally would. ![]() The question was: Would the extracted data exactly match the original data, without any changes?įor the study to be accurate, the researchers couldn’t just zap a bunch of data onto the phones. They then extracted the data or had outside experts extract the data for them. To conduct the study, NIST researchers loaded data onto 10 popular models of phones. However, they can still be useful with encrypted phones because investigators often manage to get the passcode during their investigation. Also, the study covered only methods for accessing data, not decrypting it. ![]() The study addresses methods that work with Android phones. Some methods work better than others, depending on the type of phone, the type of data and the extent of the damage. The results of the NIST study will also help labs choose the right tools for the job.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |