All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: Help About Examining Unusual Electronic Devices
PostPosted: September 25th, 2019, 3:43 
Offline

Joined: December 22nd, 2017, 1:34
Posts: 12
Location: TURKEY
Hello everybody. :)
I want to take some advice about examining any unusual electronic devices. For example you have to examine a device which is not a HDD or not phone, tablet etc. and sometimes you don't even know what is it and being used for what. How could you start to examine what do you look especially. How do you understand what this device is being used for? Do you boot device firstly or do you open it and look inside the circuit? Is there any standarts for these types of situations? Or do you have some advices please?

Thank you very much.


Top
 Profile  
 
 Post subject: Re: Help About Examining Unusual Electronic Devices
PostPosted: September 25th, 2019, 3:51 
Offline

Joined: May 13th, 2019, 7:50
Posts: 42
Location: Nederland
I'd start with Google rather than doing anything with the device.


Top
 Profile  
 
 Post subject: Re: Help About Examining Unusual Electronic Devices
PostPosted: September 25th, 2019, 4:01 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 11901
Location: Australia
The device must have inputs and outputs, otherwise it wouldn't be a device. These should tell you something about how it is used and connected.

If you can find datasheets for the chips, especially the larger ones, then that should tell you a little more about it.

Do you have any particular device in mind?

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Help About Examining Unusual Electronic Devices
PostPosted: September 25th, 2019, 8:04 
Offline

Joined: December 22nd, 2017, 1:34
Posts: 12
Location: TURKEY
We are working for courts and sometimes they are sending very different devices like jammer, spy cam, IP TV, tachograph... I dont ask this help for a specific device. In fact I ask a scientific or forensic manner to examine devices which are not an HDD phone tablet etc.

I think the way must be like:
1- Visual inspection
2- Open device case and inspect PCB if there is any damaged component or burnt component
3- Note chip names and look datasheets
4- Guess what is the purpose of device
5- Look for any storage chips and try to take image of this chips if there is an easy way
6- If you think device is damaged and not working properly dont run device and report
7- Look for connection ports and try to connect device to PC via Write-Blocker
8- Report every findings

But I have to write an article about this topic and I want to prove my idea with some scientific article or something like that. But there is no articles about unusual evidences. Can anybody give me some advice or articles links. Do anybody want to add anything to my method? Any suggestion will make me thankful.


Top
 Profile  
 
 Post subject: Re: Help About Examining Unusual Electronic Devices
PostPosted: September 25th, 2019, 10:28 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3422
Location: Adelaide, Australia
yes I want to see a photo!

other ways: google any writing on the case if it has one, google any silkscreened words on PCB.

also posting photos here would probably work too.

One thing you must consider is that if you are doing this for forensics, you may have other concerns to be aware of.

You don't want to go posting some secret device from your govt, and burning their opsec.

basically I would:
a) google every feature until I had a rough idea what it is for
b) decide if worth pursuing
c) if so, google the specic parts that look like I could go deeper - chips on it, any ports/interfaces, patent office info etc
d) extract firmware / NAND contents and use tools like IDA or Ghidra, Binwalk, Hex editor, or specific tools to look deeper
e) this should be obvious what to do next based on everything found out in above steps


Top
 Profile  
 
 Post subject: Re: Help About Examining Unusual Electronic Devices
PostPosted: September 26th, 2019, 2:53 
Offline

Joined: December 22nd, 2017, 1:34
Posts: 12
Location: TURKEY
HaQue wrote:
yes I want to see a photo!

other ways: google any writing on the case if it has one, google any silkscreened words on PCB.

also posting photos here would probably work too.

One thing you must consider is that if you are doing this for forensics, you may have other concerns to be aware of.

You don't want to go posting some secret device from your govt, and burning their opsec.

basically I would:
a) google every feature until I had a rough idea what it is for
b) decide if worth pursuing
c) if so, google the specic parts that look like I could go deeper - chips on it, any ports/interfaces, patent office info etc
d) extract firmware / NAND contents and use tools like IDA or Ghidra, Binwalk, Hex editor, or specific tools to look deeper
e) this should be obvious what to do next based on everything found out in above steps


Thank you for your advice very much. Extracting firmware and researching what is it for is a great idea.


Top
 Profile  
 
 Post subject: Re: Help About Examining Unusual Electronic Devices
PostPosted: October 11th, 2019, 20:48 
Offline

Joined: November 12th, 2018, 13:34
Posts: 11
Location: estonia
i would not open device..what if device is rigged to delete all daya then someone tries open it?


Top
 Profile  
 
 Post subject: Re: Help About Examining Unusual Electronic Devices
PostPosted: October 30th, 2019, 4:10 
Offline

Joined: December 22nd, 2017, 1:34
Posts: 12
Location: TURKEY
underdeath21 wrote:
i would not open device..what if device is rigged to delete all daya then someone tries open it?

But for some devices if we don't look at circuit, we never know what is circuit for.


Top
 Profile  
 
 Post subject: Re: Help About Examining Unusual Electronic Devices
PostPosted: October 30th, 2019, 6:13 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3422
Location: Adelaide, Australia
underdeath21 wrote:
i would not open device..what if device is rigged to delete all daya then someone tries open it?

extremely unlikely. also you would likely know the importance of considering this based on who/what you were investigating.

even protections on chips are not always implemented when they are available for little to no cost in development.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group