In System Programming Forensics


Also called In-Circuit Serial Programming (ICSP), In-system programming allows electronic chips to be programmed while fully integrated in a system. In System Programming involves connecting a programmable chip on visible PCB points which connect it to the hidden component below.

This flexibility in chips program-ability is widely used in digital systems forensics by connecting an ISP chip to particular component of a system and obtaining a direct reading. The ISP reading is independent of the system CPU as it accesses the components directly.

In-System Programming forensics is widely applied in embedded systems (digital devices with rudimentary computing power and on-board memory), eMMC storage and static memory. ISP enables digital forensic imaging to be done on supported devices without breaking the chip. Once completed the device is reassembled and taken back to its normal operations. In ISP digital forensics Mobile digital forensics can be done without interfering with it functionality.

emmc-socket-with-usb-size-12x18-0-5mm-for-bga-169-and-bga-153-font-bThanks to direct access to various chips in a digital system, ISP enables us to bypass system wide constraints like unlock codes. In System Programming forensics extraction is non destructive and achieve more or less the same as chip off extraction. The chip by chip analysis also offers the analysts the flexibility of assessing even devices not supported by the traditional enterprise digital forensic tools. Additionally, the process of ISP is much faster, since analysis and imaging is done directly at the chip. ISP is much less complex and much less resources for ISP download as compared to chip off extraction.

The flexibility provided by In System programming forensics tools helps ISP find applications in among other fields:

Laboratory Research and development, in which various assemble chips are studies in research and their images extracted for analysis.

Mass production of near similar chips in which only a small portion of their programming differs and may be programmed even after assembling of the chip. A case in point is Serial number writing to an on-board serial device.

In System programming tools are often portable, stand-alone and have mobile data storage media (SD card). This makes it versatile for field or mobile forensic extraction, debugging and data acquisition.

In System programming forensics tools make it is easy to incorporate third party and friendly software interface e.g. DLL and Virtual Com communication command set, and hardware interface (ATE and USB) are provided and make it very easy for customers to integrate the tools as a functional module into their systems. For instance, in network equipment integrated with in system forensics tools, in-circuit test and in-circuit programming can all be accomplished in the same step.

While modern day technology evolution seems to out pace forensics software, In System Programming forensics seems like a credible extraction method for digital images. ISP enables forensic analyst access to chip content, including deleted and overwritten content in items of interest. Most traditional forensic tools are only able to access the information in storage based on some prototype and they miss 3rd party information like GSM call logs.

With leading digital forensic tools providers embracing In System Programming forensics, more tools are increasingly becoming common place and with a budget of USD 1000, you will find a suitable tool that will help you do your digital forensics in a vendor near you.

Leave A Reply

Your email address will not be published.