Abstract
Throughout the digital forensic community, chip-off analysis provides examiners with a technique to obtain a physical acquisition from locked or damaged digital device. Thermal based chip-analysis relies upon the application of heat to remove the flash memory chip from the circuit board. Occasionally, a flash memory chip fails to successfully read despite following similar protocols as other flash memory chips. Previous research found the application of high temperatures increased the number of bit errors present in the flash memory chip. The purpose of this study is to analyze data collected from chip-off analyses to determine if a statistical difference exists between the removal temperatures of flash memory chips successfully and unsuccessfully read by using a t-test, F-test and an analysis of variance (ANOVA). The results from the statistical evaluation showed no statistical difference between the groups of memory chips successfully and unsuccessfully read, as well as, between older and newer types of Ball Grid Array (BGA) memory chips.
References
Android. (n.d.). Encryption. Retrieved from https://source.android.com/security/encryption/
Apple. (2018). iOS security Guide. Retrieved from https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Ayers, R., Brothers, S., & Jansen, W. (2014). Guidelines on mobile device forensics (NIST Special Publication 800-101). Washington, DC: U.S. Department of Commerce.
Bair, J. (2018). Seeking the truth from mobile evidence: Basic fundamental, intermediate and advanced overview of current mobile forensic investigations. San Diego, CA: Elsevier.
Billard, D., & Vidonne, P. (2015). Chip-off by matter subtraction: Firgida Via. Conference on Systematic Approaches to Digital Forensic Engineering.
Breeuwsma, M. F. (2006). Forensic imaging of embedded systems using JTAG (boundary-scan). Digital Investigation, 3, 32-42.
Breeuwsma, M., de Jongh, M., Klaver, C., van der Knijff, R., & Roeloffs, M. (2007). Forensic data recovery from flash memory. Small Scale Digital Device Forensics Journal, 1(1).
Cai, Y., Haratsch, E. F., Mutlu, O., & Mai, K. (2012a). Error patterns in MLC NAND flash memory: Measurement, characterization, and analysis. Design, Automation & Test in Europe Conference & Exhibition.
Cai, Y., Haratsch, E. F., Mutlu, O. & Mai, K. (2013). Threshold voltage distribution in MLC NAND flash memory: Characterization, analysis, and modeling. Design, Automation & Test in Europe Conference & Exhibition.
Cai, Y., Mutlu, O, Haratsch, E. F., & Mai, K. (2013). Program interference in MLC NAND flash memory: characterization, modeling, and mitigation. IEEE 31st International Conference on Computer Design.
Cai, Y., Luo, Y., Haratsch, E. F., Mai, K., & Mutlu, O. (2015). Data retention in MLC NAND flash memory: characterization, optimization, and recovery. IEEE Symposium on High Performance Computer Architecture.
Cai, Y., Yalcin, G., Mutlu, O., Haratsch, E. F., Cristal, A., Unsal, O. S., & Mai, K. (2012b). Flash correct-and-refresh: Retention-Aware error management for increased flash memory lifetime. IEEE International Conference on Computer Design, 94-101.
Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers and the internet (3rd ed.). Waltham, MA, Academic Press.
Chang, Y.H., Wu, P. L., Kuo, T. K. & Hung, S. H. (2012). An adaptive file-system-oriented FTL mechanism for flash-memory storage systems. ACM Transactions on Embedded Computing System, 11(1).
Choi, H., Liu, W., & Sung, W. (2010). VLSI implementation of BCH error correction for multilevel cell NAND flash memory. IEEE Transactions on Very Large-Scale Integration (VLSI) Systems, 18(5), 843-847.
Elder, B. (2012). Chip-off and jtag analysis for mobile device forensics. Evidence Technology, 10(3).
Fukami, A., Ghose, S., Luo, Y., Cai, Y., & Mutlu, O. (2017). Improving the reliability of chip-off forensic analysis of NAND flash memory devices. Digital Investigation, 20, S1-S11.
Goodwin, R. (2017). The history of mobile phones from 1973 to 2008: The handsets that made it all happen. Retrieved from http://www.knowyourmobile.com/nokia/nokia-3310/19848/history-mobile-phones-1973-2008-handsets-made-it-all-happen
Guenin, B. M. (1997). Packing: designing for thermal performance. Electronic Cooling, 3(2), 14-19.
Govoreanu, B., & Van Houdt, J. (2008). On the roll-off of the activation energy plot in high-temperature flash memory retention test and its impact on the reliability assessment. IEEE Electron Device Letters, 20(2), 177-179.
Hintea, D., Bird, R., & Moss, J. (2017). An investigation into identifying password recovery and data retrieval in the android operating system. Proceedings of the 16th European Conference on Cyber Warfare and Security ECCWS 2017, 165-171.
Jovanovic, Z. (2012). Android forensic techniques. International Academy of Design and Technology. Retrieved from http://www.bulleproof.com/Papers/Android%20Forensics%20Techniques.pdf
Kunz, O. (2016). Android full-disk encryption: A security assessment (Master’s thesis). Retrieved from https://www.royalholloway.ac.uk/
Lee, K., Kang, M., Seo, S., Li, D. H., Kim, J., & Shin, H. (2013a). Analysis of failure mechanisms and extraction of activation energies (Ea) in 21-nm NAND flash cells. IEEE Electron Device Letter, 34(1), 48-50.
Lee, K., Kang M., Seo, S., Kang, D., Kim, S., Li, D. H., & Shin, H. (2013b). Activation energies (Ea) of failure mechanisms in advanced NAND flash cells for different generations and cycling. IEEE Transaction on Electron Devices, 60(3), 1099-1107.
Meza, J., Wu, Q., Kumar, S., & Mutlu, O. (2015). A large-scale study of flash memory failure in the field. Sigmetrics.
Pew Research Center. (2017). Mobile fact sheet. Retrieved from http://www.pewinternet.org/fact-sheet/mobile/
Rainie, L. & Perrin, A. (2017). 10 facts about smartphones as the iPhone turns 10. Pew Research Study. Retrieved from http://www.pewresearch.org/fact-tank/2017/06/28/10-facts-about-smartphones/
Regan, J. E. (2009). The forensic potential of flash memory (Master’s thesis). Retrieved from Defense Technical Information Center. (Accession No. ADA509258).
Sestanj, I. (2016). NAND flash data recovery cookbook. Belgrade, Serbia: Author.
Swauger, J. (2012) Extracting a full bit-stream image from devices containing embedded flash memory. Digital Forensics. Recovered from http://www.binaryintel.com/wp-content/uploads/2012/05/Chip-Off_Forensics_Article.pdf
SWGDE. (2016). SWGDE best practices for chip-off (Version 1.0). Scientific Working Group on Digital Evidence. Retrieved from https://www.swgde.org/documents/Current%20Documents/SWGDE%20Best%20Practices%20for%20Chip-Off
Toshiba. (2006). NAND vs. NOR flash memory: Technology overview. Retrieved from http://aturing.umcs.maine.edu/~meadow/courses/cos335/Toshiba%20NAND_vs_NOR_Flash_Memory_Technology_Overviewt.pdf
Toshiba. (2016). Flash memory: Semi-Conductor & storage products. Retrieved from http://toshiba.semicon-storage.com/
van Zandwijk, J. P. (2107). Bit-errors as a source of forensic information in NAND-flash memory. Digital Investigations, 20, S12-S19.
Van Zandwijk, J. P., & Fukami, A. (2017). NAND flash memory forensic analysis and the growing challenge of bit errors. IEEE Computer and Reliability Societies.
Wu. Q., Dong, G., Zhang, T. (2011). Exploiting heat-accelerated flash memory wear-out recovery to enable self-healing SSDs. Proceedings of the Workshop on Hot Topics in Storage and File Systems.
Yadav, A. (2010). How long does it take for technology to become outdated? Technolism. Retrieved from http://www.technolism.com/new-or-outdated-how-fast-the-latest-technology-becomes-old-in-todays-world.html
Yeh, J., Cheng, K., Chou, Y., & Wu, C. (2007). IEEE Transactions on Computer-Aided Design or Integrated Circuits and Systems, 26(6), 1101-1113
Recommended Citation
Ence, Choli; Runs Through, Joan; and Cantrell, Gary D.
(2019)
"Chip-off Success Rate Analysis Comparing Temperature and Chip Type,"
Journal of Digital Forensics, Security and Law: Vol. 13
, Article 7.
DOI: https://doi.org/10.15394/jdfsl.2018.1545
Available at:
https://commons.erau.edu/jdfsl/vol13/iss4/7
Included in
Computational Engineering Commons, Data Storage Systems Commons, Information Security Commons