Mobile Device Forensics

Description:

Within the area of mobile device forensics, the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate is currently interested in three distinct facets of this complex problem area. Proposers can respond to any of the three sub-topics listed below (i.e., proposers may submit up to three different sub-topic proposals in response to this mobile device forensics topic).

Sub-topic 1. NAND/NOR Chip Forensics – Flash memory is now present in a variety of devices, including mobile phones, iPads, eReaders, thumb drives, picture frames, and laptops. Investigators require technology to effectively obtain information from flash memory (both NAND and NOR) chips in a forensically sound manner.

There are three issues for law enforcement in this area:

1. Reading the data stored on the chip

2. Reverse engineering of the wear-leveling algorithm

3. Mounting the file system

The developed capability is envisioned to be a lab tool that addresses all three of the above issues. This is not intended to be extended for field use at this time.

Sub-topic 2. Bypassing PIN/PUK Codes – GSM, iDen, World Phones, and satellite phones use removable Subscriber Identity Module (SIM) and Micro-SIM cards to communicate on a cellular network. Without a PIN, an investigator cannot directly access data stored on a locked SIM card. Data on the SIM typically includes contact lists, call history, SMS messages, and subscriber information. SIM cards can be locked with a 4-digit Personal Identity Number (PIN) and an 8-digit Personal Unlocking Key (PUK), which disable direct access to, and examination of, data stored on the SIM.

Law enforcement investigators require a tool to extract PIN and PUK codes from locked SIM cards.

Sub-topic 3. Disposable Cell Phone Analysis – Disposable phones (“throw-away”, “burner”, or “fast” phones) are frequently used by criminals because they are inexpensive and do not require a contract, credit card, or personal information. Most disposable phones are GSM based, but CDMA phones are also available. These handsets either do not have external port access to retrieve information, or access is prohibited in some other fashion. Law enforcement requires a tool to extract information from disposable phones.

This sub-topic will focus on the demonstration and development of methods and tools that will allow an investigator to acquire all call logs, contacts, pictures, videos, and text messages stored within all disposable cell phones. The goals of this effort are:

1. Demonstrate and implement the capability to acquire the full physical memory of the devices in a designated population of disposable cell phones in a forensically sound manner.

2. Demonstrate and implement the capability to efficiently examine (parse) acquired data from a designated population of disposable cell phones in a forensically sound manner.

PHASE I:

Sub-topic 1. NAND/NOR Chip Forensics – Design a method for a comprehensive chip reader and memory parser for NAND and NOR flash memory chips.

Sub-topic 2. Bypassing PIN/PUK Codes – Design a method for a forensically sound tool that will successfully decrypt SIM cards by acquiring PIN and PUK codes from locked SIM cards.

Sub-topic 3. Disposable Cell Phone Analysis – Design a method to acquire physical memory from a designated population of disposable cell phones in a forensically sound manner.

PHASE II:

Sub-topic 1. NAND/NOR Chip Forensics – Demonstrate and implement hardware and software applications for development of a comprehensive chip reading and memory parsing tool for NAND and NOR flash memory chips. The tool should be developed for law enforcement and forensic examiner use and, where possible, should be delivered as open source technology.

Sub-topic 2. Bypassing PIN/PUK Codes – Demonstrate and implement hardware and software applications for development of a forensically sound tool that will successfully decrypt SIM cards by acquiring PIN and PUK codes from locked SIM cards. The tool should be developed for law enforcement and forensic examiner use and, where possible, should be delivered as open source technology.

Sub-topic 3. Disposable Cell Phone Analysis – Demonstrate and implement hardware and software tools required to acquire and efficiently examine physical memory data from a designated population of disposable cell phones in a forensically sound manner. The tool should be developed for law enforcement and forensic examiner use and, where possible, should be delivered as open source technology.

PHASE III: COMMERCIAL APPLICATIONS: All sub-topics – The final developed tools will be marketable to a wide variety of Federal, State, and local law enforcement agencies. It is anticipated that those tools delivered as open source technology will require support, custom extensions, and additional applications as new mobile device technologies are commercially introduced.
