By Rene Novoa, Senior Manager of eDiscovery and Digital Forensics
The pace of change in technology is moving at lightning speed. Seemingly overnight, we went from having a computer in every home, to having a computer in every back pocket. In equal proportion, there has been a shift to mobile devices in where we find evidence for criminal or civil litigation.
We now store everything on our phones, which are with us at all times. If we leave the house without a wallet, we’ll probably continue on our way. Our phones on the other hand, warrant u-turns and adding precious minutes to our commute time.
Services for Smartphones, Prepaid Cell Phones and Tablets
- Forensic imaging
- Forensic image data recovery
- Spyware detection
- Mapping of cell tower records
- Physical memory (Hex) dump
- Phone file system capture
- Expert witness testimony
- Legal consulting
- Thorough documentation from receipt to completion
No Data = No Case
When a mobile device such as a smartphone or tablet is identified as holding possible evidence, the device must be collected and preserved immediately. Data changes at the touch of the screen and preserving digital evidence is often the key.
DriveSavers has a well respected history working with legal counsel, law enforcement and government agencies to pull relevant electronic evidence from mobile devices. This practice is known as mobile forensics.
Types of Evidence Found on Mobile Devices
- Call logs and history, including calls dialed, calls received, call times, call durations and missed calls
- Text messages (SMS, application-based and multimedia)
- Contacts, including contact names and phone numbers
- Address book, including residential and email addresses
- Calendar entries
- Task lists
- Pictures, videos and audio recordings
- Social network artifacts (Facebook, Twitter, IM)
- Application data
- Timeline of user activity
- GPS data
- Apple Wallet
- iCloud backup
- User created data
- Passwords, pass codes, swipe codes and user account credentials
Prepaid Cell Phones
Prepaid cell phones are popular for use in criminal activities because they can be purchased and used anonymously. Known as “burner phones” to law enforcement, there are tens of millions of prepaid cell phones in use, developed and manufactured by hundreds of different companies.
Each of these devices is equipped with a NAND flash chip that may be unique to its manufacturer or version that requires equally unique tools and techniques to perform recovery. Essentially, every different model of prepaid cell phone, or burner phone, may require its own R&D, making it difficult and time consuming to access data. Often, internal teams from local law enforcement are unable to perform recovery on these devices due to limited manpower and resources.
By way of chip-off technology, the removal of NAND flash storage chips for data recovery purposes, DriveSavers can access data from notoriously inaccessible devices. Utilizing specialized forensic tools and industry software, engineers at DriveSavers can then perform analysis on the recovered data.
DriveSavers proprietary capabilities and techniques allow us to tackle recovery most others cannot. Just like a seasoned chef, our team must regularly create entirely new recipes when working with these burner devices.
Chip-off is an advanced method of data extraction which involves physically removing NAND flash memory chips from a device. This technique is generally used with non-iPhone smartphones, but it can also be used for many Internet of Things (IoT) digital devices that hold data using NAND technology.
1. Remove NAND flash memory chip
2. Clean chip and rebuild if necessary
3. Image chip (extract raw data)
4. Analyze extracted data
Always Ahead with R&D
DriveSavers engineers love when they receive a project that “can’t be done.” Why? Because they absolutely thrive on making the impossible happen.
Every new technology that comes out, we are eager to get it into our hands and develop repeatable methods of overcoming every obstacle. As a result, we tend to be the first to access data from notoriously inaccessible devices.
We are fortunate to be partnered with original device manufacturers (OEM) and other companies responsible for the evolution and invention of new technologies. These partnerships are often pivotal to our ability to develop customized solutions and results.
For over thirty years, DriveSavers has been ahead of the rest of the industry in developing solutions to impossible problems. Here’s a list of just a few of the problems that “couldn’t be solved” but were successfully surmounted by DriveSavers engineers ahead of everyone else:
- The first iPhone
- Fire damage
- Head crash
- Prepaid “burner” phone
- Passcode bypass
- Proprietary operating system
With an emphasis on research and development and the drive inherent in our engineers, DriveSavers looks forward to always being the first to deliver solutions for new “unsolvable” problems in the world of data storage. With the continuing shift to mobile devices, that will mean ever expanding mobile forensic capabilities.
Mobile Forensic Capabilities
- All mobile technologies, including CDMA, GSM, IDEN, TDMA and EDGE
- All wireless service providers, including Verizon Wireless, Sprint/Nextel, AT&T, T-Mobile, Cricket and TracFone
- All makes including Apple, LG, Samsung, HTC, Sony, Nokia, Blackberry, Motorola, Google, ASUS, Hewlett-Packard, Huawei, Lenovo, Xiaomi, Micromax, Alcatel, Nexus, OPPO, Pantech, K-Touch and Gionee
- All operating systems, including Apple iOS, Android, Symbian, Blackberry, Windows, BADA, Palm, Open WebOS, Maemo, MeeGo and Verdict
- HEX dumps
- Recovery of deleted data such as deleted text messages
- Passcode bypass
- Advanced unlocking services including newer iPhone and Samsung devices (available to LEOs only)
- Bricked phones and devices
- Logical corruption
- Physical damage, such as corrosion, solder deterioration, dropped or crushed
- Disaster, such as fire, water or power surge