Smash it, submerge it in water, and perhaps shoot it for good measure – just three of the methods criminals use to permanently erase digital evidence from smartphones.
And yet, as many criminals have found out to their cost, reducing a device to a pile of smashed plastic and glass means nothing if the internal memory chips remain in working order.
The forensic engineers who help police gather evidence understand this, even if it’s not always been clear which methods are the most effective at extracting data accurately enough for it to meet standards of evidence.
With more and more evidence now sitting on smartphones, a better understanding of what works and what doesn’t has suddenly turned into an urgent issue.
To examine the issue, the US National Institute of Standards and Technology (NIST) says it recently conducted tests using 10 popular Android smartphones carefully loaded with a mix of data accumulated during simulated use.
This wasn’t as easy as it sounds and required the testers to load each device with photos, social media and app data, GPS traces and the like.
Engineers from NIST and its forensic partners then attempted to extract the data from the internal chips using different methods, and compared the results with the original data set.
At a physical level this involved hooking up to the test smartphone’s circuit board via ‘JTAG’ test connectors or carefully extracting the chips and connecting to them directly. NIST writes:
The comparison showed that both JTAG and chip-off extracted the data without altering it, but that some of the software tools were better at interpreting the data than others, especially for data from social media apps.