The synchronous case came into the data recovery side of our business. Another data recovery company had received a water damaged LG-G4 cell phone from a customer who needed their media files recovered. They performed a chip-off extraction in an attempt to recover the data. Unfortunately for them, though, they found that the customer had encrypted the data on the phone, rendering it inaccessible from the chip alone. Ultimately, the other company was unable to successfully recover the data. The customer asked them to ship the phone directly to Gillware.
The phone arrived for us to work our smart phone forensics and data recovery skills on, already disassembled… and, unfortunately, without the removed embedded multimedia chip (also known as an eMMC) they had tried to pull the data from! Since the eMMC stores all of the customer’s important data, we had our hands tied until the other company sent us the chip as well. Part of the synchronicity in this was that while we were waiting for the chip, we succeeded at the flip phone chip off/chip on, so we knew it might be possible to do the same with this phone.
Once we wrangled the missing chip, we imaged it and found that–sure enough–the user data was encrypted, just as the other lab had discovered. Our smart phone forensics tools on hand lacked the support to decrypt this chip’s particular encryption mechanism.
It was time to try the technique we’d previously proven possible on a flip phone–only this time, we’d be doing it on a much more complex smart phone.