Abstract
Investigators routinely recover data from mobile devices. In many cases the target device is severely damaged. Events such as airplane crashes, accidents, terrorism or long submersion may bend or crack the device's main board and hence prevent using standard forensic tools. This paper shows how to salvage forensic information when NAND memory, SoC or cryptographic chips are still intact. We do not make any assumptions on the state of the other components. In usual forensic investigations, damaged phone components are analysed using a process called “forensic transplantation”. This procedure consists of unsoldering (or lapping) chips, re-soldering them on a functionnal donor board and rebooting.
Package on Package (PoP) component packaging is a new technique allowing manufacturers to stack two silicon chips, e.g. memory, CPU or cryptographic processors. Currently, PoP is widely used by most device manufacturers and in particular by leading brands such as Apple, BlackBerry, Samsung, HTC and Huawei. Unfortunately, forensic transplantation destroys PoP components.
This work overcomes this difficulty by introducing a new chip-off analysis method based on High Temperature Thixotropic Thermal Conductive Adhesive (HTTTCA) for gluing the PoP packages to prevent misalignment during the transplantation process. The HTTTCA process allows the investigator to safely unsolder PoP components, which is a crucial step for transplantation. To demonstrate feasibility, we describe in detail an experimental forensic transplantation of a secure mobile phone PoP CPU.
Package on Package (PoP) component packaging is a new technique allowing manufacturers to stack two silicon chips, e.g. memory, CPU or cryptographic processors. Currently, PoP is widely used by most device manufacturers and in particular by leading brands such as Apple, BlackBerry, Samsung, HTC and Huawei. Unfortunately, forensic transplantation destroys PoP components.
This work overcomes this difficulty by introducing a new chip-off analysis method based on High Temperature Thixotropic Thermal Conductive Adhesive (HTTTCA) for gluing the PoP packages to prevent misalignment during the transplantation process. The HTTTCA process allows the investigator to safely unsolder PoP components, which is a crucial step for transplantation. To demonstrate feasibility, we describe in detail an experimental forensic transplantation of a secure mobile phone PoP CPU.
Original language | English |
---|---|
Pages (from-to) | 29-39 |
Number of pages | 11 |
Journal | digital investigation |
Volume | 26 |
Early online date | 31 May 2018 |
DOIs | |
Publication status | Published - Sept 2018 |
Keywords
- Forensic Rework
- Hardware Forensics
- Adhesives Properties
- Forensic Transplantation