Project Two Title: Successful device acquisition vs. device submersion duration Subtitle: A longevity study analyzing the efficacy of recovery techniques applied against water duration damage of mobile phones. Description: Research project on the effectiveness of water recovery techniques compared to forensic acquisition success. Hypothesis: As the duration of water exposure increases, the efficacy of recovery techniques diminishes and increasingly complex techniques are required to recover data from intact mobile phones. Scenario: A defined set of identical devices with known datasets will be exposed to fresh water submersion for specific periods of time. A forensic acquisition will be completed against the device before water submersion. After retrieval from the water, industry standard PCB cleaning and water mitigation techniques will be applied against the devices. Once the devices are clean, dry and stable; forensic acquisitions will be attempted again. As damaged increases to the devices, forensic acquisition techniques will shift from (1) tethered connection to device then (2) JTAG connection to circuit board and finally (3) chip-off of the controller and flash memory chips on the devices. Devices will be tracked for duration submerged, duration from retrieval until recovery begins, water variables, recovery techniques, and forensic acquisition success. All devices will be known good devices prior to submersion with a defined dataset on device. Submerged durations: 24 hours; 7, 30, 180, and 365 days Submerged liquid: Freshwater Expanded research: If interest and support exists for collaboration, project can be expanded to included brackish and saltwater submersions with identical scenarios. Current Project Status: Estimated start date November 2014. Help Needed:
Survey: Presentations: Work-in-progress presentation and project announcement at DFRWS 2014, Denver, Colorado, 05 August 2014. Publication: TBD Contact: |