Digital Forensics – Advanced Passcode Lock

Client Name: Police Force

The Challenge: CCL was asked to recover internet browsing history and other data from a mobile device. However, upon initial inspection, the device was secured with an advanced passcode, which can be up to 32 alphanumeric characters long. It is currently impossible to try and guess a passcode this long, as current computers are not powerful enough to do this in our lifetime. The suspect was not co-operating and would not provide the lock code.

Overcoming the Challenge: Despite this, CCL were able to bypass the lock and recover a full chip-level read from the phone using JTAG. The method we used did not require the flash chip to be de-soldered and was non-destructive.

Once we had recovered a full read of the phone, internally developed scripts were used to recover and present some of the most pertinent data we have ever seen in a murder case. The internet history was recovered, which showed that the suspect’s searches and browsing had changed right after the murder was suspected of occurring. The suspect was now searching for ways to dispose of a body and clean up blood.

Along with this data, deleted text messages were also recovered using Epilog, one of CCL’s proprietary forensic tools. These deleted messages contradicted the suspect’s version of events leading up to the timeframe in question.

The Result: The combination of bypassing secure lock codes and recovering hard to find and deleted data, meant CCL was able to provide a full picture of the suspect’s activities, which showed he was trying to hide evidence and pervert further investigations.