Ronald van der Knijff & Marcel Breeuwsma

Speaker Name: Ronald van der Knijff & Marcel Breeuwsma

Title: Hardware Forensics, Past, Present, Future

Objective

This workshop will show how low-level hardware techniques are used in forensic examinations to collect digital traces that are used in police investigations and as evidence in court. The following topics are covered:

  •  Typical use cases (damaged, secured, deleted);
  •  Forensic principles;
  •  Preservation and cleaning methods;
  •  (μBGA) chip removal techniques for modern mobile devices (desoldering and milling);
  •  Flash data extraction from μBGAs without reballing and with custom-built hardware and software;
  •  Chip-On techniques (chip transplants for damaged or secured devices);
  •  Forensic use of hacker boxes (JTAG, ISP, iPhone etc.);
  •  Forensic use of OpenBTS;
  •  Silicon forensics (FEG-SEM / FIB);
  •  Encryption challenges;
  •  Using exploits in a forensic context.

Technical topics are complemented with examples from real cases.

About the Speaker

Ronald van der Knijff works as a senior forensic scientist within the Digital Technology and Biometrics division of the Netherlands Forensic Institute. He has been a court-appointed expert witness on embedded systems forensics since 1999. During his 20 years of experience in the field of device forensics he has worked on many forensic cases involving a wide variety of devices such as smart cards, mobile phones, navigation systems and trackers, but also pacemakers, dye packs, IEDs, cranes and even aircraft. His current focus is on the forensic use of hardware and software exploitation techniques.

Marcel Breeuwsma received a BSc in computer science from The Hague University. In 1996 he joined the Netherlands Forensic Institute to work in the field of R&D. His main interests are digital electronics, embedded processors, embedded software and FPGA chips. He developed a Memory Tool Kit including several versions of software, built hardware for an organizer analysis tool and did research into using JTAG for forensic purposes.