Automated Flash Memory Analysis
Small Business Information
Cybernet Systems Corporation
MI, Ann Arbor, MI, 48108-1639
AbstractElectronic devices used in criminal activity provide excellent evidence when examined, which is getting increasingly difficult as devices shrink and tools fall behind in capability. Law enforcement face an uphill battle to stay ahead of the latest technology changes since devices evolve so quickly. Central to all of these devices is the role of flash memory, which is the long-term storage available on almost all devices. As a result of these trends, there is a need to be able to obtain data from flash memories. Factors hindering obtaining useful data from seized flash chips are: 1) there is no standard way to access flash chips, 2) ordering mixed data blocks is like jigsaw solving, and 3) after reordering the data needs converted into usable pieces. Our solution is a hardware/software combination that allows software controlled reading of any chip type through programmable logic. Resulting raw data is reorganized with a software tool we developed that operates by finding "fingerprints" of various data objects, then leverages knowledge of what must be nearby to weed out false positives and obtain more fingerprints, incrementally ordering the blocks correctly. A data view orders objects, presenting multiple views of the data suitable for forensic analysis
* information listed above is at the time of submission.