Mobile Device Forensics

D12PC00474 DHS SBIR-2011.2-H-SB011.2-003-0006-II
(DHS SBIR-2011.2 Phase II)
Sub-topic 1. NAND/NOR Chip Forensics - Phase II

1000 Lake Street
Suite 203
Oak Park, IL 60301-1131


The overall goal of this project is to develop new tools and techniques to address current limitations in mobile forensics. Many factors, including NAND Flash memory, passcode protected phones, encrypted data, lack of device support and simplistic analysis techniques in current forensic tools drive the need for advancements in mobile forensic tools. Phase I of this project was highly successful. We developed techniques that created a forensically sound and verifiable image of data on devices utilizing NAND flash memory. We also developed tools which enabled more effective analysis of the acquired data. Phase II will build upon the successes of Phase I by: 1. Expanding the number of Android devices our NAND Flash Write Blocker (vNandBlock) and acquisition tools support; 2. Porting applicable vNandBlock and acquisition tools Apple iOS and Windows Phone devices; 3. Applying advanced analytic techniques to extract mobile forensics data; 4. Developing forensic training modules which incorporate the knowledge gained in the development of these new techniques and tools. The new tools and techniques developed in Phase II would provide direct benefit to law enforcement agencies tasked with analyzing mobile devices in civil, criminal and national security investigations. The advanced data analysis engine would greatly improve the amount of intelligence which could be generated from mobile devices. viaForensics believes that Phase II will enable us to expound on our existing and proven commercialization vehicles including viaExtract(TM) (our forensic software product) and proprietary training courses and aggressively pursue opportunities to license our technology to other commercial entities.