Switch to full style
Anything related to computer forensics (new section!)
Post a reply

Help About Examining Unusual Electronic Devices

September 25th, 2019, 3:43

Hello everybody. :)
I want to take some advice about examining any unusual electronic devices. For example you have to examine a device which is not a HDD or not phone, tablet etc. and sometimes you don't even know what is it and being used for what. How could you start to examine what do you look especially. How do you understand what this device is being used for? Do you boot device firstly or do you open it and look inside the circuit? Is there any standarts for these types of situations? Or do you have some advices please?

Thank you very much.

Re: Help About Examining Unusual Electronic Devices

September 25th, 2019, 3:51

I'd start with Google rather than doing anything with the device.

Re: Help About Examining Unusual Electronic Devices

September 25th, 2019, 4:01

The device must have inputs and outputs, otherwise it wouldn't be a device. These should tell you something about how it is used and connected.

If you can find datasheets for the chips, especially the larger ones, then that should tell you a little more about it.

Do you have any particular device in mind?

Re: Help About Examining Unusual Electronic Devices

September 25th, 2019, 8:04

We are working for courts and sometimes they are sending very different devices like jammer, spy cam, IP TV, tachograph... I dont ask this help for a specific device. In fact I ask a scientific or forensic manner to examine devices which are not an HDD phone tablet etc.

I think the way must be like:
1- Visual inspection
2- Open device case and inspect PCB if there is any damaged component or burnt component
3- Note chip names and look datasheets
4- Guess what is the purpose of device
5- Look for any storage chips and try to take image of this chips if there is an easy way
6- If you think device is damaged and not working properly dont run device and report
7- Look for connection ports and try to connect device to PC via Write-Blocker
8- Report every findings

But I have to write an article about this topic and I want to prove my idea with some scientific article or something like that. But there is no articles about unusual evidences. Can anybody give me some advice or articles links. Do anybody want to add anything to my method? Any suggestion will make me thankful.

Re: Help About Examining Unusual Electronic Devices

September 25th, 2019, 10:28

yes I want to see a photo!

other ways: google any writing on the case if it has one, google any silkscreened words on PCB.

also posting photos here would probably work too.

One thing you must consider is that if you are doing this for forensics, you may have other concerns to be aware of.

You don't want to go posting some secret device from your govt, and burning their opsec.

basically I would:
a) google every feature until I had a rough idea what it is for
b) decide if worth pursuing
c) if so, google the specic parts that look like I could go deeper - chips on it, any ports/interfaces, patent office info etc
d) extract firmware / NAND contents and use tools like IDA or Ghidra, Binwalk, Hex editor, or specific tools to look deeper
e) this should be obvious what to do next based on everything found out in above steps

Re: Help About Examining Unusual Electronic Devices

September 26th, 2019, 2:53

HaQue wrote:yes I want to see a photo!

other ways: google any writing on the case if it has one, google any silkscreened words on PCB.

also posting photos here would probably work too.

One thing you must consider is that if you are doing this for forensics, you may have other concerns to be aware of.

You don't want to go posting some secret device from your govt, and burning their opsec.

basically I would:
a) google every feature until I had a rough idea what it is for
b) decide if worth pursuing
c) if so, google the specic parts that look like I could go deeper - chips on it, any ports/interfaces, patent office info etc
d) extract firmware / NAND contents and use tools like IDA or Ghidra, Binwalk, Hex editor, or specific tools to look deeper
e) this should be obvious what to do next based on everything found out in above steps


Thank you for your advice very much. Extracting firmware and researching what is it for is a great idea.

Re: Help About Examining Unusual Electronic Devices

October 11th, 2019, 20:48

i would not open device..what if device is rigged to delete all daya then someone tries open it?

Re: Help About Examining Unusual Electronic Devices

October 30th, 2019, 4:10

underdeath21 wrote:i would not open device..what if device is rigged to delete all daya then someone tries open it?

But for some devices if we don't look at circuit, we never know what is circuit for.

Re: Help About Examining Unusual Electronic Devices

October 30th, 2019, 6:13

underdeath21 wrote:i would not open device..what if device is rigged to delete all daya then someone tries open it?

extremely unlikely. also you would likely know the importance of considering this based on who/what you were investigating.

even protections on chips are not always implemented when they are available for little to no cost in development.
Post a reply