Australian Digital Forensics Conference

Document Type



SRI Security Research Institute, Edith Cowan University, Perth, Western Australia


Mobile Forensics has developed into an area of significant concern to law enforcement agencies and their counterparts, specifically as a result of individuals moving away from using traditional computers and focusing attention on their mobile device. Due to the smart phone being almost permanently attached to the person or in near proximity, it has become a significant source of information for investigators and can mean the difference between proving guilt or innocence. Tools have long been established, which provide agencies the ability to encapsulate expertise, which allows the easy download and production of reports for the mobile device and how it was used. However, whilst these tools work for the majority of devices in near perfect working condition they fail in cases where the phone is even slightly damaged. Many of the tools also require the investigator to unlock the phone or enable a feature before it can be downloaded. Should part of the phone be malfunctioning or if it prevents a feature or unlock from occurring, the ability to obtain forensic evidence will be reduced. Whilst devices can be surprisingly resilient at times, damage by throwing the device into a fire or snapping the logic board in half, will ultimately cause the device to be inoperable and beyond repair. The question therefore arises: How can the investigator even identify the model of device, considering parts of the device, including identification stickers, may have melted off or be missing? In such scenarios repairing the phone via changing the majority of the hardware from ‘donor’ phone cannot be conducted, as they are beyond repair. There is also no chance of being able to re-join the parts of a double or triple layer logic board and a re-joining a single layer logic board is both time and labour intensive. Even then there is no guarantee the phone will work again. To address these difficulties, significant monetary value needs to be invested in equipment and training to equip forensic investigators with the skills and ability in Chip-Off forensics and Ball Grid Array (BGA) rework. These skills mean the small chips from the logic board can be removed without causing damage to their delicate legs or body, enabling the data they contain to be interpreted. Once interpreted, the investigator then has the ability to find what evidence was located on the device and hopefully leading to a conviction of guilt.


13th Australian Digital Forensics Conference, held from the 30 November – 2 December, 2015 (pp. 123-131), Edith Cowan University Joondalup Campus, Perth, Western Australia.