The EXFILES project makes it possible to retrieve information stored on 400 cell phones for forensic evidence in real criminal cases
Within the framework of the European project, which brings together 14 research centers, companies and Law Enforcement Agencies, the Institute of Microelectronics of Barcelona (IMB-CNM, CSIC) has contributed to the development of new techniques and tools that have allowed the forensic analysis of 400 smartphones in real criminal cases.
The European project EXFILES, in which the Institute of Microelectronics of Barcelona of the CSIC (IMB-CNM, CSIC) has participated together with 13 research centers, companies and Law Enforcement Agencies (LEAs), has concluded with the development of tools that have made it possible to recover, so far, the information contained in 400 smartphones that had been used in various cases of real crimes.
In some cases, EXFILES has made it possible to reduce analysis time compared to previous procedures; in others, "it has made it possible to recover information that was inaccessible with existing methods, especially in the most modern phones," explains Salvador Hidalgo, IMB-CNM principal investigator on the project.
The procedures developed in the project will facilitate the work of forensic analysis of smartphone devices, allowing access to information that may be relevant to solve police cases, resulting in increased security. The cases in which it has been applied have been successfully closed and are confidential.
Project members met in Brussels in early October to close the project and assess the work carried out. The review panel rated the results as having great potential and immediate impact.
The EXFILES proposal was to improve the techniques and methods available to official forensic electronics groups for obtaining digital evidence from smartphones used by criminals, through a comprehensive approach covering both software and hardware tools. The most important achievement has been their combined use along with the procedures, techniques and tools developed in the project.
"The collaborative use of software and hardware tools led to the definition of 21 analysis scenarios on 6 different phone models. As a direct result, about 400 devices belonging to real cases were accessed. The combination of the tools developed, together with Side-Channel Attack (SCA) and Fault Injection (FI) methods on System on Chip (SoC), have been the most important innovations", adds Jofre Pallarès, IMB-CNM researcher.
Both techniques are widely used in the analysis of electronic devices. The Side-Channel Attack method analyzes the signals that an electronic system generates during its operation, which can be used to access the information it works with. Fault Injection, on the other hand, aims to force a chip (integrated circuit) into states not considered during its design, inducing changes in its operation that affect the security and integrity of the information processed.
The IMB-CNM Reverse Engineering Group (REG) has worked mainly on hardware analysis methods, with its research being key to developing new methods for cell phone decryption. In addition, for REG, "it has been a great experience to collaborate with such a diverse consortium, formed by LEAs, SMEs and academic centers, whose professionalism and motivation have meant that in many lines of research we have gone beyond what was strictly detailed in the initial objectives," concludes Roger Durà, researcher of the group.
European collaboration from seven different countries
EXFILES (Extract Forensic Information for LEAs from Encrypted SmartPhones) was a project funded by Horizon 2020 (H2020-SU-SEC-2019) with a duration of 3 years starting in 2020. It involved entities from seven European countries, including the companies Technikon (Austria), Riscure BV (Netherlands) and Ciber Intel (Spain); the Law Enforcement Agencies of Germany, Netherlands, Norway, France and Spain; and research centers and universities, such as the Royal Holloway University of London, the University of Lille and the IMB-CNM itself.