Case Brief

A Blackberry Bold 9790 mobile phone was submitted by the

client in an attempt to explain the disappearance of a young

man. The handset was found in the sea at the foot of a cliff.

The IMEI number of the phone identified that it had belonged

to the missing person. The handset had been submersed in salt

water for several weeks.

It was not possible to power the handsets on or perform

forensic extractions in the condition received.

MD5 Case Study: Flash Memory Chip Removal

Water Damaged Phone

Analysis and Examination ...continued overleaf

Assessment by the analyst determined the handset would not

power on safely (and highly unlikely it would power on at all)

so it was disassembled.

Due to the damage to the motherboard, neither JTAG nor ISP

techniques would work on this model so our Analyst opted for

a chip removal process and a direct read of the memory chip

to get a full ‘physical download’ or binary dump of the device.

Analysis and Examination ...continued

As a precaution, our Analyst also specially prepared the Printed Circuit Board (PCB)

to ensure the chip would not be further compromised during the chip removal

process. The device and components were cleaned and dried using specialist

forensic techniques to ensure clean contact with the pins and to maximise the

chances of a positive data dump.

Prior to cleaning, neither the 16GB memory card or SIM card would read but this

process enabled a full download of data from both components.

Results

The chip was successfully removed, cleaned up, prepared under a microscope and then read using

specialist hardware. The acquired data was decoded and text messages, photos and other key data

were found on the handset which gave our client and the victim’s family some important insight into

what may have happened immediately prior to the phone being lost.

© 2019 MD5 Ltd. All rights reserved. 2019NOV04