Those who have been in the field for more than a few years have seen the dramatic changes in mobile forensic extraction techniques from the old Series 30 Nokia’s to the latest smart devices today. Life has gone from impossible to easy, back to impossible, and swung over to a whole lot of maybe in the last ten years.
The simple button pushing of the past has given way to deep research and a lot of frustration at times. Locked bootloaders, encryption, user passcodes, and other security measures have all conspired to make our lives more difficult.
As Mobile / Smart Devices / IoT operating systems have evolved, extraction techniques have fragmented into several different areas, from bootloader exploits, rooting, decryption and decoding, custom recoveries, Chip-Off, In-System Programming (ISP), Joint Test Action Group (JTAG), unlocking exploits, and finally to the Emergency Download (EDL) techniques and processes.
The manufacturing of Smart Devices using eMMC and EMMC NAND technologies means there could be internal storage media to be acquired and find residue evidence from all types of devices.
The point of this article is to let you know that there is data. That there is evidence in the following devices:
• Voice Recorders
• Multimedia Players
• TV Decoders
• Smart TV
• Smart Home Appliances like your Refrigerator, Stove, Dishwasher, Microwave and even your Washing Machine!
Let’s not forget your Car. So much data is now being stored in vehicles from driving habits, to radio stations, tire pressure and more.
And how about your remote toys… your Drones… most navigation and control devices?
Data is there. You can be sure more data will emerge in the years ahead on more devices.
Fortunately there are tools and training to help you and your department.
About the Authors:
Kim Thomson is a Senior Forensic Examiner and Training Expert in Smart Device Technologies
Jon Hansen is a long time Technology Expert from the original days of DOS to IoT of today