•  
  •  
 

Abstract

Throughout the digital forensic community, chip-off analysis provides examiners with a technique to obtain a physical acquisition from locked or damaged digital device. Thermal based chip-analysis relies upon the application of heat to remove the flash memory chip from the circuit board. Occasionally, a flash memory chip fails to successfully read despite following similar protocols as other flash memory chips. Previous research found the application of high temperatures increased the number of bit errors present in the flash memory chip. The purpose of this study is to analyze data collected from chip-off analyses to determine if a statistical difference exists between the removal temperatures of flash memory chips successfully and unsuccessfully read by using a t-test, F-test and an analysis of variance (ANOVA). The results from the statistical evaluation showed no statistical difference between the groups of memory chips successfully and unsuccessfully read, as well as, between older and newer types of Ball Grid Array (BGA) memory chips.

References

Android. (n.d.). Encryption. Retrieved from https://source.android.com/security/encryption/

Apple. (2018). iOS security Guide. Retrieved from https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Ayers, R., Brothers, S., & Jansen, W. (2014). Guidelines on mobile device forensics (NIST Special Publication 800-101). Washington, DC: U.S. Department of Commerce.

Bair, J. (2018). Seeking the truth from mobile evidence: Basic fundamental, intermediate and advanced overview of current mobile forensic investigations. San Diego, CA: Elsevier.

Billard, D., & Vidonne, P. (2015). Chip-off by matter subtraction: Firgida Via. Conference on Systematic Approaches to Digital Forensic Engineering.

Breeuwsma, M. F. (2006). Forensic imaging of embedded systems using JTAG (boundary-scan). Digital Investigation, 3, 32-42.

Breeuwsma, M., de Jongh, M., Klaver, C., van der Knijff, R., & Roeloffs, M. (2007). Forensic data recovery from flash memory. Small Scale Digital Device Forensics Journal, 1(1).

Cai, Y., Haratsch, E. F., Mutlu, O., & Mai, K. (2012a). Error patterns in MLC NAND flash memory: Measurement, characterization, and analysis. Design, Automation & Test in Europe Conference & Exhibition.

Cai, Y., Haratsch, E. F., Mutlu, O. & Mai, K. (2013). Threshold voltage distribution in MLC NAND flash memory: Characterization, analysis, and modeling. Design, Automation & Test in Europe Conference & Exhibition.

Cai, Y., Mutlu, O, Haratsch, E. F., & Mai, K. (2013). Program interference in MLC NAND flash memory: characterization, modeling, and mitigation. IEEE 31st International Conference on Computer Design.

Cai, Y., Luo, Y., Haratsch, E. F., Mai, K., & Mutlu, O. (2015). Data retention in MLC NAND flash memory: characterization, optimization, and recovery. IEEE Symposium on High Performance Computer Architecture.

Cai, Y., Yalcin, G., Mutlu, O., Haratsch, E. F., Cristal, A., Unsal, O. S., & Mai, K. (2012b). Flash correct-and-refresh: Retention-Aware error management for increased flash memory lifetime. IEEE International Conference on Computer Design, 94-101.

Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers and the internet (3rd ed.). Waltham, MA, Academic Press.

Chang, Y.H., Wu, P. L., Kuo, T. K. & Hung, S. H. (2012). An adaptive file-system-oriented FTL mechanism for flash-memory storage systems. ACM Transactions on Embedded Computing System, 11(1).

Choi, H., Liu, W., & Sung, W. (2010). VLSI implementation of BCH error correction for multilevel cell NAND flash memory. IEEE Transactions on Very Large-Scale Integration (VLSI) Systems, 18(5), 843-847.

Elder, B. (2012). Chip-off and jtag analysis for mobile device forensics. Evidence Technology, 10(3).

Fukami, A., Ghose, S., Luo, Y., Cai, Y., & Mutlu, O. (2017). Improving the reliability of chip-off forensic analysis of NAND flash memory devices. Digital Investigation, 20, S1-S11.

Goodwin, R. (2017). The history of mobile phones from 1973 to 2008: The handsets that made it all happen. Retrieved from http://www.knowyourmobile.com/nokia/nokia-3310/19848/history-mobile-phones-1973-2008-handsets-made-it-all-happen

Guenin, B. M. (1997). Packing: designing for thermal performance. Electronic Cooling, 3(2), 14-19.

Govoreanu, B., & Van Houdt, J. (2008). On the roll-off of the activation energy plot in high-temperature flash memory retention test and its impact on the reliability assessment. IEEE Electron Device Letters, 20(2), 177-179.

Hintea, D., Bird, R., & Moss, J. (2017). An investigation into identifying password recovery and data retrieval in the android operating system. Proceedings of the 16th European Conference on Cyber Warfare and Security ECCWS 2017, 165-171.

Jovanovic, Z. (2012). Android forensic techniques. International Academy of Design and Technology. Retrieved from http://www.bulleproof.com/Papers/Android%20Forensics%20Techniques.pdf

Kunz, O. (2016). Android full-disk encryption: A security assessment (Master’s thesis). Retrieved from https://www.royalholloway.ac.uk/

Lee, K., Kang, M., Seo, S., Li, D. H., Kim, J., & Shin, H. (2013a). Analysis of failure mechanisms and extraction of activation energies (Ea) in 21-nm NAND flash cells. IEEE Electron Device Letter, 34(1), 48-50.

Lee, K., Kang M., Seo, S., Kang, D., Kim, S., Li, D. H., & Shin, H. (2013b). Activation energies (Ea) of failure mechanisms in advanced NAND flash cells for different generations and cycling. IEEE Transaction on Electron Devices, 60(3), 1099-1107.

Meza, J., Wu, Q., Kumar, S., & Mutlu, O. (2015). A large-scale study of flash memory failure in the field. Sigmetrics.

Pew Research Center. (2017). Mobile fact sheet. Retrieved from http://www.pewinternet.org/fact-sheet/mobile/

Rainie, L. & Perrin, A. (2017). 10 facts about smartphones as the iPhone turns 10. Pew Research Study. Retrieved from http://www.pewresearch.org/fact-tank/2017/06/28/10-facts-about-smartphones/

Regan, J. E. (2009). The forensic potential of flash memory (Master’s thesis). Retrieved from Defense Technical Information Center. (Accession No. ADA509258).

Sestanj, I. (2016). NAND flash data recovery cookbook. Belgrade, Serbia: Author.

Swauger, J. (2012) Extracting a full bit-stream image from devices containing embedded flash memory. Digital Forensics. Recovered from http://www.binaryintel.com/wp-content/uploads/2012/05/Chip-Off_Forensics_Article.pdf

SWGDE. (2016). SWGDE best practices for chip-off (Version 1.0). Scientific Working Group on Digital Evidence. Retrieved from https://www.swgde.org/documents/Current%20Documents/SWGDE%20Best%20Practices%20for%20Chip-Off

Toshiba. (2006). NAND vs. NOR flash memory: Technology overview. Retrieved from http://aturing.umcs.maine.edu/~meadow/courses/cos335/Toshiba%20NAND_vs_NOR_Flash_Memory_Technology_Overviewt.pdf

Toshiba. (2016). Flash memory: Semi-Conductor & storage products. Retrieved from http://toshiba.semicon-storage.com/

van Zandwijk, J. P. (2107). Bit-errors as a source of forensic information in NAND-flash memory. Digital Investigations, 20, S12-S19.

Van Zandwijk, J. P., & Fukami, A. (2017). NAND flash memory forensic analysis and the growing challenge of bit errors. IEEE Computer and Reliability Societies.

Wu. Q., Dong, G., Zhang, T. (2011). Exploiting heat-accelerated flash memory wear-out recovery to enable self-healing SSDs. Proceedings of the Workshop on Hot Topics in Storage and File Systems.

Yadav, A. (2010). How long does it take for technology to become outdated? Technolism. Retrieved from http://www.technolism.com/new-or-outdated-how-fast-the-latest-technology-becomes-old-in-todays-world.html

Yeh, J., Cheng, K., Chou, Y., & Wu, C. (2007). IEEE Transactions on Computer-Aided Design or Integrated Circuits and Systems, 26(6), 1101-1113

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.