There are two principal methods when coping with cell phone knowledge restoration and flash recoveries. By interrogating the NAND reminiscence chip, each of those methods give knowledge restoration engineers entry to a low-level picture of the info, though they’re each very completely different. Cell phones, flash storage and solid-state-drives all depend on reminiscence chips for storing data in distinction to laborious disk drives, which use rotating platters and browse/write heads.
In relation to laborious disk drives all of them have a tendency to make use of a typical method to storing knowledge, which means that knowledge restoration instruments could be generic. Flash units however differ much more having a wealth of various knowledge codecs, file constructions, algorithms, reminiscence sorts and configurations, knowledge extractors are sometimes ‘machine particular’. Which means that the one approach to achieve a bit for bit copy of the uncooked knowledge is to interrogate the reminiscence chips straight, successfully bypassing the working system. That is the place chip-off and JTAG expertise comes into play.
The primary technique is the chip-off method. This system requires de-soldering the reminiscence chip from the circuitry. With a view to take away the chip from the machine with out inflicting any injury it requires precision ability beneath a microscope as making any tiny errors dangers shedding all the info completely. After the chip is eliminated it may be learn with knowledge extractors. NAND chips are often a lot simpler to learn than different varieties of chip and are usually what SD playing cards and iPhones use. That is as a result of reminiscence structure and pin configuration being standardised. The pins are on the skin which means there is no such thing as a must rebuild the connectors. Different widespread varieties of chip such because the BGA have a number of connectors on the underside that are straight soldered to the motherboard with hundreds of various configurations so are far more troublesome to take away.
The second technique is JTAG which does not require elimination of the chip. An information restoration engineer can typically entry the reminiscence by the JTAG ports. It is a far more prolonged course of and doesn’t injury the media. This implies it may be saved in a working state which is usually a vital requirement in forensic investigations. A draw back of this technique is that it isn’t at all times as profitable and could be a riskier possibility.
Each strategies will produce a low-level picture which is then ‘decoded’ and the person’s knowledge could be rebuilt. Each chip-off and JTAG expertise is rising and turning into far more dependable which means that the success charges of knowledge restoration from cellphones is nearly nearly as good as that of laborious disk drives.