JTAG ja ISP meetodite kasutamine kriminalistikas
Files
Date
2017
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Antud töö teemaks on andmete füüsiline kopeerimine kasutades JTAG ja ISP meetodit. Need meetodid olid algselt loodud tootja poolt mikrokontrollerite (PCB) parandamiseks ja testimiseks, samas on võimalik neid meetodeid kasutada IT kriminalistikas mobiilseadmetelt andmete kättesaamiseks. Käesoleva töö eesmärk on kirjeldada üldiselt neid meetodeid ning testide kaudu näidata, et tulemused on samaväärsed võrreldes igapäevaste mobiilseadmete kriminalistikas kasutatavatega. Esimese testi eesmärgiks on tuua välja erinevusi erinevate kopeerimismeetodite vahel. Tulemuste võrdlemiseks on kasutatud Cellebrite UFED Touchi ja Physical analyzeri tarkvara. Teise testi eesmärk on näidata, et kõik füüsilise kopeerimise meetodid on samaväärsed. Selleks tuleb võrrelda kahe erineva meetodiga saadud andmeid ühelt ja samalt seadmelt. Viimase testi eesmärk on näidata, kas on võimalik leida soovitud andmeid seadmelt, mis on krüpteeritud.
This thesis is focusing on JTAG and ISP physical acquisitions techniques. These techniques were created from manufactures to test PCBs and repair devices but they are being used as a forensic technique to acquire the data from a device. The aim is to give an overview of these techniques from a forensic point of view and in addition to some other tests will try to prove that are forensically equivalent to any other method. The first test will focus on showing the differences on the different types of acquisition by comparing the results of a forensic analysis of the same device using Cellebrite UFED Touch and Physical Analyzer. The second test will try to prove that all physical acquisitions are equivalent by comparing the acquired data from the same device with two different methods. Finally, the last test will focus on the examination of the content of an encrypted device to show if it is possible to find evidences.
This thesis is focusing on JTAG and ISP physical acquisitions techniques. These techniques were created from manufactures to test PCBs and repair devices but they are being used as a forensic technique to acquire the data from a device. The aim is to give an overview of these techniques from a forensic point of view and in addition to some other tests will try to prove that are forensically equivalent to any other method. The first test will focus on showing the differences on the different types of acquisition by comparing the results of a forensic analysis of the same device using Cellebrite UFED Touch and Physical Analyzer. The second test will try to prove that all physical acquisitions are equivalent by comparing the acquired data from the same device with two different methods. Finally, the last test will focus on the examination of the content of an encrypted device to show if it is possible to find evidences.