RSS
 
 

Data Extraction Suite

One issue related to computer forensics, is the extraction of data from within embedded systems , this has to be accomplished without  modification to the physical  item being forensically examined, as well as ensuring that any data extracted is done so within an  audit-able environment  meeting established good chain of custody  requirements.

Normal  chip programmers/readers  fail to meet the requirement because they are specifically designed to program chips or read content in a manufacturing environment rather than in a forensic environment,as such they do not meet the traceability and integrity requirements needed for valid forensic extraction.

To this end we have assembled a custom hardware solution designed to meet  the requirements of a forensic based extraction environment.

The systems will initially target data extraction from in circuit I2C chips.

The system is rudimentary at this stage, but it allows I2C data to be extracted from most onboard chips whilst they are still in circuit on the main PCB.

Here we see the manufacturers embedded data which has been extracted from the I2C chip onboard a Kingston KVR400x64c3A/256 DDR ram board.

The data can be  saved /edited and re-written back to the device.

There is also a byte analysis system that will include CRC codes and SHA2 checksums.

Leave a Reply

 

*