At Flashback Data, we get many calls about recovering lost data from mobile devices (phones and tablets). Phones and tablets are two of the most commonly used devices in the world today, and carry an unthinkable amount of our data – from photos and videos, to our private messages and search history. Understandably, these clients are often the most devastated clients when they call us with a significant data loss. Smartphone and tablet memory works very differently than other devices, so it surprises many people to hear that common, everyday practices are what led to their data loss.
We put together this article to detail the do’s and don’ts of mobile device data – some of these may surprise you, but we suspect there are a couple you’ve known all along (and it’s time to get with the program). Follow these tips in order to prevent a catastrophic data loss that could leave your heart or your business sidelined in a major way.
Mobile Device Do’s
1. Sign up with a cloud backup service
This is the most important recommendation on our list. Sign up with a cloud backup service that automatically updates its backup and automatically charges your operating expenses. This ensures that no matter what’s going on with your device, a very recent digital copy of your data is safe and ready to re-download. If you’re an Apple device user, you can easily use their iCloud service. For Android users, a Google backup service would be an easy fit.
We often hear that people are nervous and suspicious of cloud services, usually citing that they don’t want Google or Apple reviewing their private data, or hackers getting into their data and using it. There is a misconception around all of this that we’d like to dissolve. If you’re reading this article, it is extremely unlikely that you are a target for a data breach.
Simply put – we are not that important. Hackers and allegedly malicious employees of cloud services do not waste time on targets without a certainty of the data they’re profiting from. Think of it this way – would a robber risk breaking into a house if there’s no way to know anything of value is inside? Most all of us fall into this category when it comes to our backed up data.
Once you’ve signed up with a cloud service that meets your needs, check it monthly to make sure your bill is paid and your data is being uploaded properly. That way, if you’ve gotten disconnected from the service, you’ve only lost a few weeks of data at most. If you have any monthly checklists – like going through your bills, conducting expense reports, etc. – checking your backups is a great candidate to add to your monthly responsibilities.
2. Back up before any system updates
One of our most frequent data recovery questions surrounds iPhones and boot loops – a failure called Error 14. This can happen when your iPhone downloads its own system updates, but your phone is overfull with too much data. It crashes your phone, causing it to power up and down in a loop. This is an unrecoverable situation, so if your data isn’t backed up, that’s it – all of your mobile device data is gone.
It’s impossible for you to know how your phone or tablet is going to respond to a system update outside of whether or not you have enough room to download it. Most of the time, everything is fine, and after a few minutes you’re back to using your phone, but plenty of people experience data loss from system updates that were fine for everyone else. Sometimes, unfinished or disastrous system updates are released, and many people lose their data as a result.
If you are someone who takes tons of photos, and regularly has a close-to-full phone, or if you don’t know much about phone technology, we highly recommend turning off your auto-update settings to prevent something like this from happening. This will make the phone or tablet notify you when an update is going to happen in the near future, so you’ll have time to double-check your back-ups and make some space on the device.

3. Keep 10 GB available on your phone
For the reasons we listed above, always make sure your mobile device has some space on it. It is often running updates and downloading data in the background that you might be unaware of, all of which runs the risk of corrupting your phone if you don’t have enough free space. Your phone may advertise that it has 128 GB of space, for example, but our techs at Flashback Data would agree that you shouldn’t fill it over 115.
4. Invest in a water and shatter-proof case
Here is an uncomfortable truth: water damage and impact damage are fully avoidable. Yep, you read it here, and we stand by it. We’re not saying we have a running tally of how many times we hear “I know I should have a waterproof case, but, my kid spilled liquid on my tablet and shorted it”… but we certainly could.
Reputable water and shatter preventative cases do run a bit pricier than your typical silicone sleeve, but $50 is nothing when it comes to our minimum mobile device recovery fee ($399) or an uninsured phone replacement (up to over a grand!).
Don’t know where to start? Here are some examples of high quality brands that make fantastic, reliable phone cases.
LifeProof
Hitcase Shield
Aquavault
Otterbox
Flashback Data is not affiliated with any of these brands – we’re merely showcasing examples of brands on the market that make the quality of cases you’re looking for. We are not responsible for any manufacturer issues or customer satisfaction on these products.

5. Use high quality charging and connector cables from your device manufacturer, or from a manufacturer-recommended vendor
Low quality connector cables are a huge reason that customers come to us for data recovery. Low quality cables can cause electrical shorts in your phone, rendering it unusable and potentially corrupting your data. They’re also easy to break and tear, making a data transfer easy to interrupt (which can often lead to a phone failure). Invest in cables that are directly from your device manufacturer, or are recommended by the manufacturer.
Apple has a program in particular to certify other vendors for use on their products, called the MFi Certification. Through this process vendors can assure their consumers that their products are fully safe to use with Apple products. This sort of certification program doesn’t exist for all mobile devices, but it’s worth reading reviews to make sure your components don’t compromise your data.
Mobile Device Don’ts
1. Fill your device storage
As we mentioned above, there are tons of risks associated with filling up your phone. This doesn’t leave any room for the device to download system or application updates, take photos and videos, or run its own operating system. You may notice that your phone “stutters” – applications lock up during use or take a long time to open, apps and videos close without warning, or you find yourself having to restart your phone on a regular basis. Keeping your mobile device stuffed to its limit with data is practically begging for a memory failure.
We understand that a lot of people want all of their photos and videos in one device, ready to review and reminisce at a moment’s notice. Unfortunately, this is the most common risky behavior we see when it comes to our customers with crashed phones. We highly encourage you to embrace using a cloud service or online photo album service to store all of your picture and video archives. When you want to take a walk down memory lane, they’ll be waiting for you.
2. Put your device in rice
Putting your phone in rice is a popular, but often destructive approach to trying to reverse water damage. Technically, yes, this method will dry out your phone, but it can do so in a very harmful way that makes matters worse. The way rice interacts with exposure to electronics can cause more damage than you already have, leading to corruption of your data and damage to your motherboard.
If your device has been exposed to liquid and is damaged as a result, zip it up in a bag with a slightly damp sponge, and take it to a repair shop immediately. This will allow the liquid to be extracted from the device without corroding any of the components through over-drying.

3. Take your device swimming
We’ve seen the commercials. Someone is basking in the ocean with their smartphone or enjoying drinks in a pool, taking underwater photos to commemorate their summer vacations and spring breaks. These people live seemingly worry and risk-free, drinking beer and making funny faces underwater for social media photos.
Don’t be those people.
A recurring call we receive is customers who are upset because they thought their phone was water proof, so they took it in the pool or to the beach, and now it won’t turn on. Your smart phone is never going to be “water proof”. It is water resistant. It is water resistant in clear, clean water with no currents or waves.
Pools and hot tubs are full of chemicals that aren’t meant to be exposed to electronics. The ocean is full of salt and sediments, which ruin electronic components on contact.
There are certainly reputable waterproof cases that will allow you to submerge your phones and tablets in different bodies of water, but as we all know, even the best brands do not carry a 100% success rate. We recommend being safe over sorry – do not bring your devices swimming with you.

4. Use cheap or unsanctioned accessories
Using convenience store charging cables is a sure-fire ticket to losing your data. These cheaply made cables can fray easily, or may have components that aren’t well-fit to your device.
This will lead to data transfer interruptions (which can corrupt your device), electrical shorts, and other disasters that will come at the wrong place at the wrong time.
Invest in high quality accessories to ensure the safety of your data.

5. Try to guess your PIN
If you’ve forgotten your PIN or passcode, do not try to guess it over and over. Find a way to confirm what that PIN is, or get in touch with support to find out what your options are.
Entering a password or PIN repeatedly is the fastest way to lose your data forever. Too many incorrect entries will permanently “brick” your device, making it useless and rendering your data destroyed. This is often referred to as the device being in “Disabled Mode”. It is a security feature implemented in order to make the phone as secure as possible for anyone – from politician to technology executive,
By following these easy suggestions, you’ll be a world apart from most of the customers who come to us with a mobile device data crisis. In the event you do have a crisis and need your phone or tablet data recovered, give us a call at 866.786.5700.
Hurricane Ida Data Recovery
/in Data Recovery /by Russell Chozick
What to do if you encounter computer storage equipment that has been damaged by water and severe flooding.
For those of you who may encounter damaged devices due to Hurricane Ida, here are some quick DO’s and DON’Ts for the best chances of data recovery on water damaged devices:
Please feel free to call us or use our web form for more information if any of your devices have come into contact with water.
Weather Emergency Data Recovery
/in Data Recovery /by William
If you’ve been following the news, you’ve probably heard that Texas went through several catastrophic emergencies back to back last week. We had record-breaking freezing temperatures that were sustained for almost a week, which doesn’t happen too often in Texas. This led to power grid failures, undriveable roads, destroyed water systems that left homes flooded or without resources, and a natural gas shortage.
This led to a slew of calls as the weather broke – people experienced power interruptions that messed up their firmware, flooding that blew out their computers, and a host of other issues that led to unexpected data loss (adding insult to injury in a terrible state-wide event).
This event came as a huge surprise to all of us, as in Texas, cold snaps tend to stay above freezing temperatures and only last a couple of days. This time, our whole state was under ice for the week.
There is only so much you can do to prevent data loss in a major emergency like this. Primarily, you’ll want to make sure your power-dependent systems are connected to a reliable backup service like Carbonite or iCloud. That way, at least you will have a relatively recent back-up of your data that won’t add to your list of challenges to overcome, or add to the growing stack of emergency expenses. Making sure that your back-ups are all paid for and connected appropriately should be part of any monthly office or home checklist you have.
Of course, there are times where despite your best efforts, these things won’t come together as planned.
So, what happens when your computer floods, or a power outage causes a system failure in your phone? What do you do?
Power Outage Data Recovery
If you’ve lost your data due to a power failure, such as rolling blackouts in a weather emergency, do not try to power your device further. You could cause further electrical issues and render your data unrecoverable.
Water Damage Data Recovery
Water damage is a stranger to no one at this point, but because of that, there are certain myths surrounding what to do when you have a water damage experience – particularly, anything involving rice. Rice is popular because as a super dry ingredient, it will absorb the moisture out of a waterlogged device. What it doesn’t absorb are the sediments and particulates that came in with the water. Once you absorb that water out of the device, those particles are left behind, causing corrosion and damage to the internal components. So, what do you *really* do?
For larger units with electrical-related or water damage, such as a multi-device RAID system, you are still essentially in the same boat. Do not attempt to power up the unit or dry it out, and give us a call as soon as possible. If you are an entrepreneur or work for a business, and your business insurance covers extreme weather events, call them immediately to get that lengthy process started.
As always, please don’t hesitate to reach out if you have any questions. If you have other critical tips you think are worth mentioning, let us know so we can add them!
How to Prevent Mobile Device Data Recovery
/in Data Recovery /by William
At Flashback Data, we get many calls about recovering lost data from mobile devices (phones and tablets). Phones and tablets are two of the most commonly used devices in the world today, and carry an unthinkable amount of our data – from photos and videos, to our private messages and search history. Understandably, these clients are often the most devastated clients when they call us with a significant data loss. Smartphone and tablet memory works very differently than other devices, so it surprises many people to hear that common, everyday practices are what led to their data loss.
Cyber Security Basics
/in Data Recovery /by William
A common example of a call we receive is, “I need your help. My spouse just identified that someone has hacked into our PayPal account and is withdrawing $1,700 per month. We have contacted our bank, but they are not willing to help. We contacted PayPal, and they indicated that they have ACH number. We are afraid that they have all our other accounts, passwords, and contact information. Can you help?” Cyber security isn’t household talk yet, but people are learning about its possibilities, and the risks they take when operating in the digital world.
Common Types of Cyber Attacks
Individuals and small business owners are becoming increasingly aware of common types of Cyber Attacks, but rarely are they aware of all the different ways they can happen. These attacks can include (but aren’t limited to) locking them out of their business files, defacing their websites, or stealing money. The most common cyber security attacks are:
• Malware – a specific kind of software that’s designed to cause damage, disrupt, or create access to a computer system or network.
• Phishing – when a scam is set up to impersonate a reputable person or company in order to acquire personal / sensitive information directly from a user – such as passwords and credit card numbers.
• Man-in-the-middle attack (MITM) – this is an intrusion that involves a third party that intercepts, monitors, and alters communications between two parties without them knowing. For example, being able to intercept chat messages with a banker.
• Distributed Denial-of-Service (DDoS) – when an attacker overloads a network resource, such as a website, rendering it unusable for its intended users
• SQL injection – A SQL injection is when an attacker inserts their own SQL code into a query that an application sends to its database in order to exploit it, such as making it extract private customer information from your private business records.
• Zero-day exploit – This type of attack is particularly dangerous, because it happens long before the users in question are aware of the exploited vulnerability. The attack happens the same day the vulnerability is identified by the attacker, before the user is ever made aware of the specific gap in security.
• DNS Tunnelling – It is one of the most damaging DNS attacks. It encodes the data of other programs or protocols in DNS queries and responses. It often includes payloads that can be added to an attacked DNS server and used to control a remote server and applications.
• Business Email Compromise (BEC) – An attacker impersonates a corporate email address, impersonating an individual in order to exploit and/or manipulate the user(s).
• Cryptojacking – When an attacker installs malware on a user’s device in order to mine / steal cryptocurrency without their consent.
• Drive-by Attack – A drive by attack is when a malicious piece of software is downloaded to your device without your consent, and potentially, without your knowledge. You may not know this code ends up in your device at all, or you may think you’re downloading one thing, but you’re actually downloading something harmful.
• Cross-site scripting (XSS) attacks – When malicious code is injected into an otherwise trustworthy website, with the intention of exploiting the users who visit that site.
• Password Attack – A cyber attacker uses a host of possible passwords on a user’s security systems, hoping that one of them works (usually banking on the idea that people often repeat passwords).
• Eavesdropping attack – Similar to a “man in the middle” attack, this involves an attacker “snooping” or “eavesdropping” on communications without the users’ knowledge, in an attempt to acquire sensitive information.
• AI-Powered Attacks – An aggressive and targeted cyber attack that uses artificial intelligence to determine the most vulnerable security points in your system.
• IoT-Based Attacks – Internet of things (IoT) is easily one of the most versatile technologies in existence today. It has been the primary force behind the biggest distributed denial of service (DDoS) botnet attacks for some time. Numerous IoT device manufacturers continue to ship products that cannot be properly secured.
Unfortunately, most individuals and small business owners do not carry cybersecurity insurance, or have enough money stowed away to afford a full incident response lifecycle. This typical lifecycle includes preparation, detection & analysis, containment & eradication, and post incident activity.
These attackers usually first analyze their target (reconnaissance), then they launch an exploit to intrude into the network. Once established, they will then start to dig into your systems. They will try to move across your network quickly, looking for further exploitable data to take advantage of. Once they find the key data to collect, they exfiltrate and exploit the information. Once they have hit this phase, they are usually in and out of your network rather quickly.
How Cyber Security Works
It is unnerving because you don’t know if your system is clean, or if they have placed spyware on your system that watches your every move. The cybersecurity industry processes consist of the following segments:
• Proactive Protection – Hardware and software to keep your systems secure
• Monitoring – Scanning logs to detect intrusions or gaps
• Consulting – Analyze your business in order to receive pointed security recommendations
• Incident Response – Analyze a security breach in order to assess damage and recovery of data or funds
• Recovery – Recover any lost data or business functions that were negatively impacted by the data breach
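As an added illustration of the "Monitoring" segment applied to the password attacks described earlier (this is not Flashback Data's tooling), the sketch below scans login records for two patterns: many failed logins against one account, and one source address failing against many different accounts. The log format, the thresholds and the sample lines are all assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in an assumed "timestamp event user=... ip=..." format.
SAMPLE_LOG = """\
2024-03-01T09:00:00 login_failed user=alice ip=198.51.100.10
2024-03-01T09:00:20 login_ok user=alice ip=198.51.100.10
2024-03-01T09:05:00 login_failed user=carol ip=203.0.113.7
2024-03-01T09:05:30 login_failed user=carol ip=203.0.113.7
2024-03-01T09:06:00 login_failed user=carol ip=203.0.113.7
2024-03-01T09:06:30 login_failed user=carol ip=203.0.113.7
2024-03-01T09:07:00 login_failed user=carol ip=203.0.113.7
2024-03-01T10:00:00 login_failed user=dave ip=198.51.100.99
2024-03-01T10:00:40 login_failed user=erin ip=198.51.100.99
2024-03-01T10:01:20 login_failed user=frank ip=198.51.100.99
2024-03-01T10:02:00 login_failed user=grace ip=198.51.100.99
2024-03-01T08:00:00 login_failed user=bob ip=192.0.2.44
2024-03-01T11:00:00 login_failed user=bob ip=192.0.2.44
2024-03-01T14:00:00 login_failed user=bob ip=192.0.2.44
2024-03-01T17:00:00 login_failed user=bob ip=192.0.2.44
2024-03-01T20:00:00 login_failed user=bob ip=192.0.2.44
this line is malformed and is skipped
"""


def parse_line(line):
    """Return (timestamp, event, user, ip), or None if the line does not fit."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, event, user_kv, ip_kv = parts
    if not user_kv.startswith("user=") or not ip_kv.startswith("ip="):
        return None
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    return when, event, user_kv[len("user="):], ip_kv[len("ip="):]


def detect_password_attacks(log_text, window=timedelta(minutes=10),
                            max_fail_per_user=5, max_users_per_ip=4):
    """Return sorted alerts: ("brute_force", user) or ("password_spray", ip)."""
    fails_by_user = defaultdict(list)   # user -> [timestamp, ...]
    fails_by_ip = defaultdict(list)     # ip   -> [(timestamp, user), ...]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[1] != "login_failed":
            continue
        when, _event, user, ip = rec
        fails_by_user[user].append(when)
        fails_by_ip[ip].append((when, user))

    alerts = []
    # Many failures against a single account inside one sliding time window.
    for user, times in fails_by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= max_fail_per_user:
                alerts.append(("brute_force", user))
                break
    # One source address failing against many different accounts in one window.
    for ip, events in fails_by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, u in events[start:end + 1]}) >= max_users_per_ip:
                alerts.append(("password_spray", ip))
                break
    return sorted(alerts)


if __name__ == "__main__":
    for kind, subject in detect_password_attacks(SAMPLE_LOG):
        print(kind, subject)
```

Using a time window matters: bob's five failures are spread across a whole day and raise no alert, while carol's five failures within two minutes do.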
Cyber Attacks – What To Do
If you are locked out of your business systems, your web site has been defaced, or you have lost money, then you require Incident Response services. Understanding your networked media, passwords, roles within the network, who belongs to which user group, and the privileges each staffer is granted are all required when preparing to deal with an incident. It is important to identify patient zero, so to speak, but most of the time, that’s rather unclear at first. Detecting how the network was compromised is critical to identifying, isolating, and eradicating any harmful factors that have been left behind.
Depending upon the network, this may take several ten-hour days to several weeks. Once the threats have been identified, contained, and eradicated, then you’ll need a follow up, post-incident action recommendation to ensure that this doesn’t happen again.
If an individual or small business is not able to activate an incident response team, then the following steps are your best bet to achieve a resolution and minimize damage:
• Unplug your internet connection
• Find a Password Manager (LastPass, 1Password, etc.)
• Change all your passwords
• Authorize 2-Party Verification
• File a Police Report to your local authority
• File an IC3 Report to the FBI
• Run a malware & anti-virus scan
• (Money stolen?) Contact your financial institutions
Unfortunately, it will be rare that the individuals causing this havoc will be caught, but follow these suggestions and you will be better prepared than most, and hackers usually go for the weakest target.
When we get a call like the one we discussed above, we notify them that if a hacker has their ACH number, they would usually get in and get out with as much money as possible in as little time as possible. We might even mention that there could be some sort of payment schedule to a bill they don’t remember.
In this particular example, we received a notification days later explaining that this was exactly the case. It was a loan payment that was forgotten about, but they did implement the suggestions above, and already feel safer and more informed.
If you think you’re a victim of a cyber security attack, don’t hesitate to call us at (866) 786-5700. We will consult with you to see if your suspicions are valid, and then scope out the work accordingly. We’re here for you.
iOS exploits and their impact on digital forensics
/in Data Recovery, Digital Forensics /by Russell Chozick
Last September, the iOS hacking community got a big surprise when a security researcher named axi0mX released a ‘game changing’ exploit called ‘checkm8’. What makes checkm8 so unique is that unlike previous exploits, it is a Boot ROM exploit. This means that on affected devices, there is no way for Apple to patch it via software updates.
To be clear, this exploit is not a remote threat, as the physical device must be tethered to a computer. Further, it does not allow someone to bypass your PIN or Touch/FaceID. The exploit is also non-persistent, meaning that once the device is rebooted, the exploit is removed.
The affected devices are iPhones and other iOS models, such as iPads, running Apple’s A11 chip or earlier, which basically means any iOS device up to and including the iPhone X. The iPhone XR, XS, 11, and Pro models are not affected by this exploit.
How can this new exploit help us in digital forensics?
The checkm8 exploit now allows us to obtain an entirely new level of device data extraction which, up to this point, was impossible. Previously, on phones newer than the iPhone 4, we were essentially only able to get what equates to an iTunes backup of the device. In many cases, this is fine. However, over the years Apple has made it increasingly difficult to recover deleted information from chat databases and other application data by using a vacuum-like function that cleans up databases more frequently than earlier iOS versions.
Checkm8 allows a forensics examiner to exploit the device, collect the file level decryption keys and then extract the entire active file system of the device including the keychain and other valuable data previously unattainable by earlier extraction methods. Previously, we were only able to get parts of the data which were approved to be included in iTunes backups. The aforementioned non-persistence is great because no user level data is altered, and we no longer even have to boot the device into the native iOS.
For example, below are the results from a test iPhone in our lab on which we performed two separate extractions: Advanced Logical vs Checkm8. The first screenshot from Cellebrite Physical Analyzer shows what was retrievable via the traditional Advanced Logical extraction, about 8.5 gigabytes of data.
The next screenshot, below, shows the data which resulted from the checkm8 full file system extraction of the exact same iPhone:
The difference in readable data obtained is staggering! The full file system extraction pulled approximately 36 GB of data, vs the 8.5 GB obtained via the advanced logical method. With Chat messages alone we were only able to obtain 251 messages and 9 deleted messages via the old method. With the exploited method we recovered 3228 messages and 75 deleted messages.
Another key area is that the phone stores logs that are usually inaccessible to the users. These logs store massive amounts of data related to how a user interacts with a device as well as tons of extra location data. There is a treasure trove of information that we are still just discovering.
Think about the implications of this extra data in a criminal investigation or traffic accident cases.
Hard Drive Clicking? Common Causes and How to Recover Data
/in Data Recovery /by Russell Chozick
The “$199 Data Recovery”
/in Data Recovery /by Russell Chozick
Top Forensics Posts for Attorneys
/in Digital Forensics /by Russell Chozick
We’ve assembled the 5 Digital Forensics posts most popular with attorneys and the legal community. Check them out…
If you need the support of an experienced, accredited digital forensics lab for a case involving IP theft, family law, criminal defense or civil law, contact Flashback Data today. Our digital forensics lab is accredited under the same process as the FBI and state crime labs and can support the timing and information needs of your family law case.
CALL 866-786-5700 FOR A FREE CONSULTATION!
How To Align Your Forensics Support to Your Case Timeline
/in Digital Forensics /by Russell Chozick
“We go to trial in 2 days and I need this digital forensic analysis done tomorrow!”
We get requests like this frequently and we do our best to meet our clients’ case timelines if we can.
If your case needs the support of digital forensics, it’s important to understand how to align your forensic needs to the timeline of the case. There are some parts of a typical forensics exam that can be expedited and some that can’t.
Here’s what’s typically involved in a forensics examination and how long it takes.
STEP 1: AGREE TO FORENSIC PROTOCOLS
The forensic protocol is the agreed upon set of steps that the forensic lab will follow to acquire, segregate and analyze the information that is relevant and producible for the case. It typically specifies what is and isn’t producible from a technical perspective.
For example, an IP theft case may require a forensic analysis of a home computer. The forensic protocol would specify dates and types of information that could be included in the analysis.
We usually help our clients draft the forensic protocol, which is actually the easy part. The part that takes time is sharing that proposal with opposing counsel and/or the judge and coming to a final agreement. In some cases, this can take weeks, but in most cases the entire process takes anywhere from two days to a week.
STEP 2: ACQUIRE DATA SO THAT IT WILL HOLD UP IN COURT
We’ll assume that we’re already in possession of the device(s) in question. Obviously, if this isn’t the case, then there is some time involved in actually transporting the device via overnight mail or courier.
In forensic terms, “acquisition” is about getting the data from the original device into our lab environment so it can be properly analyzed. We create a verified forensic image of the entire drive or media. This step is required for the forensic analysis to hold up in court and there are no shortcuts.
The length of time required for acquisition depends on the size of the drive and how easily accessible the data is. The quickest and easiest would be a standard unlocked mobile device, which normally takes a few hours. Large storage arrays or devices that are physically damaged or password locked can easily take a few days.
STEP 3: ANALYZE AND SEGMENT PRODUCIBLE DATA AND PREPARE FINDINGS
Once we have a forensic image, we can begin the formal analysis of that data. The time required for this is wholly dependent upon the scope of the analysis (i.e., what we’re looking for) and can be complicated by the forensic protocol. This process can take 1-5 days.
STEP 4: REVIEW OF FORENSIC FINDINGS BY ATTORNEY
After the forensic lab has completed its findings, an attorney must then review them in the context of the overall case strategy. In our experience, this is the one part of the process that attorneys most often forget about or underestimate.
If the digital evidence answers an objective yes or no question, this is easy. However, if the digital evidence is a transcript of conversations, then this review can take several days.
The best example is a family law case that hinges on a question of infidelity. The digital forensics lab will be asked to produce a transcript or log of communications between two parties. A typical 40 year old adult sends and receives over 1,500 text messages every month, so these transcripts can be lengthy. The attorneys must then review the content of the transcripts to draw any relevant conclusions about intent or relationships.
Don’t forget to leave yourself plenty of time to review and understand the digital evidence in the case.
If you have a case that includes digital evidence, contact Flashback Data today. We have supported attorneys in IP theft, family law and other civil and criminal cases for over a decade, and our digital forensics lab is accredited under the same program as the FBI and state crime labs.
Spoliation of Digital Evidence in Civil Cases
/in Digital Forensics /by Russell Chozick
The most common issue in digital forensics for civil cases is spoliation. Any evidence that one party negligently or intentionally destroyed or modified relevant information can have a huge impact on the outcome of a case.
Here’s how a digital forensics lab can help attorneys in cases where spoliation of digital evidence is suspected.
Secure the Evidence and Establish Chain of Custody
The first step in any forensic analysis is to secure the specific device or media. In civil cases we’re often asked to collect digital devices at a company or residence. Regardless of whether we’re collecting a desktop, laptop, mobile device or flash drive, our first step is to isolate the device from any network, cellular or Bluetooth connections. We want to ensure that the devices in question cannot be modified or accessed on purpose or accidentally.
We will also document each device and begin a formal chain of custody. This is a step that many people ignore or don’t do with enough attention to detail. Each individual device AND piece of media must be documented by unique identifier. If a computer has two hard drives, we will document the computer serial number and the serial numbers of each individual drive. Similarly, a cell phone with an expanded SD memory card is actually two different pieces of media from a forensics perspective. We will also document who had access to these devices up to that point (to the extent possible) and will formally document any change of control from that point forward.
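The documentation rule above (one identifier per piece of media, every change of control recorded) can be checked mechanically. The sketch below is an added example, not Flashback Data's tooling: the ledger layout, the hash chaining and every identifier and holder name are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def record_transfer(ledger, media_id, from_holder, to_holder, when):
    """Append a change of control; its hash also covers the previous entry's hash."""
    body = {"media_id": media_id, "from": from_holder, "to": to_holder,
            "when": when, "prev": ledger[-1]["hash"] if ledger else GENESIS}
    ledger.append({**body, "hash": _digest(body)})


def audit(ledger, inventory):
    """List problems: edited entries, custody gaps, media with no entry of its own."""
    problems, holder, prev = [], {}, GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or _digest(body) != entry["hash"]:
            problems.append(f"entry {i}: altered after it was recorded")
        last = holder.get(entry["media_id"])
        if last is not None and last != entry["from"]:
            problems.append(f"entry {i}: custody gap for {entry['media_id']}")
        holder[entry["media_id"]] = entry["to"]
        prev = entry["hash"]
    for media_id in inventory:
        if media_id not in holder:
            problems.append(f"{media_id}: no custody entry")
    return problems


def demo():
    # Constructed identifiers: one computer with two drives, one phone with an SD card.
    inventory = ["PC-SN-1", "HDD-SN-A", "HDD-SN-B", "PHONE-SN-1", "SD-SN-1"]
    ledger = []
    for media_id in inventory[:4]:  # the SD card is (wrongly) never logged on its own
        record_transfer(ledger, media_id, "custodian", "examiner-1", "2020-01-06T09:00Z")
    record_transfer(ledger, "HDD-SN-A", "examiner-2", "locker", "2020-01-07T10:00Z")  # custody gap
    before = audit(ledger, inventory)
    ledger[0]["when"] = "2020-01-05T09:00Z"  # back-date an entry after the fact
    return before, audit(ledger, inventory)


if __name__ == "__main__":
    print(demo())
```

A hash chain like this only exposes later edits if the most recent hash is also kept somewhere the editor cannot reach, for example on the signed paper custody form.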
Create a Verified Forensic Image
Once we have the devices in question at our accredited digital forensics lab, we will create a verified forensic image of each piece of media. This is a technical and rigorously validated bit-for-bit copy of every piece of data on the digital media in question. You can learn more about the term verified forensic image here.
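What "verified" means for the image described here, and in the acquisition step of the timeline post above, is shown in the added example below (not the lab's own software). It assumes verification is done by comparing a SHA-256 digest taken while reading the source with one taken by re-reading the finished image; the sample media is constructed in memory.

```python
import hashlib
import io

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sits in memory


def acquire(source, image):
    """Copy source to image block by block; return (bytes_copied, sha256 of what was read)."""
    digest = hashlib.sha256()
    copied = 0
    while True:
        block = source.read(CHUNK)
        if not block:
            break
        digest.update(block)
        image.write(block)
        copied += len(block)
    return copied, digest.hexdigest()


def verify(image, expected_size, expected_sha256):
    """Re-read the finished image from the start and compare it with the acquisition record."""
    image.seek(0)
    digest = hashlib.sha256()
    size = 0
    for block in iter(lambda: image.read(CHUNK), b""):
        digest.update(block)
        size += len(block)
    return size == expected_size and digest.hexdigest() == expected_sha256


def demo():
    # Constructed sample "media": 3 MiB plus 17 bytes, so the last block is partial.
    media = bytes(range(256)) * (12 * 1024) + b"constructed-tail!"
    source, image = io.BytesIO(media), io.BytesIO()
    size, sha = acquire(source, image)
    ok_before = verify(image, size, sha)
    # Flip a single bit in the image, as silent corruption or an edit would.
    image.seek(1_500_000)
    original = image.read(1)
    image.seek(1_500_000)
    image.write(bytes([original[0] ^ 0x01]))
    ok_after = verify(image, size, sha)
    return size, ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

With real media the two streams would be the write-blocked source device and the image file, and the recorded size and digest would go into the case notes.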
Recovering Data and Any Changes To The Data
Once we have a forensic image, our examiners can start reviewing the data to look for information that is relevant to the case. We can often recover files that have been deleted and identify who deleted the files and when. We can also identify when files were updated or changed, and in some cases may be able to recover old versions of files. In cases where we can’t recover deleted files, we may be able to document that a file was deleted by a certain person or at a certain time, which is often sufficient evidence for a spoliation claim.
We will always prepare a comprehensive report of our findings that can be easily understood by attorneys and court officials.
Devices With Physical Damage
In some cases, the devices or media in question are inoperable or inaccessible because of physical damage or password locks. As an accredited digital forensics lab, we have extensive capabilities to recover data from damaged and inaccessible devices that most labs are unable to work with.
In one case with a failed hard drive, we were able to demonstrate that someone had used a sharp object to physically scratch the surface of an internal drive in hopes of destroying it. In that case, we recovered the data and showed evidence of an attempt to destroy data.
Getting Help
If you need help with digital evidence in a civil case, contact Flashback Data today. Our digital forensics lab is accredited under the same program as the FBI and state labs and we can recover data from more devices with shorter turnaround times than other labs.