The MSAB team bought the same phone model Z18 to Reverdito’s team, so that tests could be run on it before trying to extract from the suspect’s phone. “We received the device and started using the phone like any other user. We created accounts on several apps such as WhatsApp and Telegram. We made calls, sent SMS, took pictures and videos on the new device. In short, we created a real scenario by erasing some data we had created from it. Then we disassembled the phone and heated the chip sufficiently to disengage it from the motherboard,” Reverdito said.
This manipulation was performed without a hitch. Then the chip was inserted in a card reader and via the free software, FTK Imager, a binary file was created from this chip.
“With the binary in hand, we inserted it into the XRY software, taking care to select the same brand and model as the original phone. We compared the two extractions, one logical and one physical, to ensure that we had recovered the deleted elements.”
“This process made it possible to validate our methodology and with the agreement of the magistrate, we then proceeded with the chip off of the actual phone from the real case. The extraction of the chip and the subsequent analysis of the data went smoothly and successfully.”
“Without the help of MSAB we would not have been able to help that investigation. It enabled us to give the investigators some very interesting information which definitely helped enhance the progress of the investigation,” said Reverdito.
It was also the case that the comprehensive training with MSAB enabled us to gain a solid knowledge of the theoretical and practical aspects of hands-on working with devices, he added.
OCLCTIC (L’Office central de lutte contre la criminalité liée aux technologies de l’information et de la communication (English: Central Office for the Fight Against Crime Linked to Information Technology and Communication – part of the French National Police).