Motor vehicles have been equipped with an increasing number of electronic control systems for many years. In many forensic examinations, the vehicle identification number (VIN) can be determined on the basis of stored data obtained from electronic components of vehicle control devices. This makes it possible to link vehicle parts to one another, even in cases in which vehicles are trafficked in individual parts.
The installation of electronic anti-theft immobilizers has led to a marked reduction in the incidence of vehicle theft in recent years. In addition to mechanical locking systems, electronic anti-theft immobilizer systems pose increasing challenges to car thieves. Car thieves employ a number of different methods to overcome them, ranging from replacement of original equipment to manipulation via the data bus. Forensic analysis therefore involves the examination not only of the vehicle network but also of the control units. To complicate the work of car thieves, manufacturers often encrypt the communication among the electronic control devices, as is done in other systems.
In addition to requests for forensic testing of vehicle electronic components and systems, the KTI also receives an increasing number of requests for analysis of digital electronic systems and chip technology. Typical test objects are defective data storage media such as hard drives, chip cards and USB drives, but also navigation units, mobile phones, and skimmers. The latter are microcomputer systems, also known as embedded systems. They consist of microcontrollers, memory units and various interfaces for connection to peripheral electronic components such as sensors. These microcomputer systems are developed for specific self-sufficient applications and remain largely invisible to the user in the background. In general, the amount of encrypted data on data storage media and embedded systems is increasing. Making encrypted data open to interpretation for an investigator requires a high level of expertise in mathematics. The encryption algorithms need to be analyzed and techniques for decryption need to be developed. For this purpose, all possible methods, ranging from brute-force attacks to bypassing encryption by exploiting "back doors" (side-channel attacks), are made available.
The KTI maintains collections not only of original equipment units but also of components used in prior crimes. These collections facilitate the identification of similar, previously detected manipulations used, for example, to deactivate anti-theft immobilizers, and make it possible to verify them through direct comparison of data or component units. They also allow links to be established between modi operandi and offenders.
The forensic investigation of electronic components such as microcontrollers in anti-theft immobilizers requires detailed analysis and technical manipulation of minute microcircuits.
With magnification factors of up to one hundred thousand, conventional scanning electron microscopy (SEM) provides well-resolved morphological information on specimen surfaces that is not visible using a light microscope. In addition, with the aid of mounted X-ray spectrometry, it is possible to identify the elemental composition of the sample material. All leading forensic institutes use these instruments as routine equipment in casework analysis.
A methodological advance in SEM technology is the microtechnical manipulation of sample materials with ion beams (Focused Ion Beam/FIB). The KTI at the BKA is currently the only forensic institute worldwide equipped with an SEM/FIB capable of million-fold SEM magnification.
The combined SEM/FIB/EDX technique enables the forensic experts to view and analyse objects a thousand times smaller than a hair and to process them with the FIB at the same time. This technology provides a three-dimensional view into the interior structure of a microchip by exposing and, if necessary, severing selected conductor paths. Subsequently, precisely positioned deposits of highly conductive platinum or tungsten can be used to create new connections between conductor paths, which makes it possible to read out the hidden data from the memory chip.
In addition to methods for analyzing memory modules, microprocessors, etc., the SEM/FIB also offers new opportunities for forensic analysis of gunshot residues, modern paint pigments, textile fibres and documents.