Authors: Aya Fukami (National Police Agency of Japan) and Kazuhiro Nishimura (National Police Agency of Japan)



Mobile devices routinely arrive at forensics labs suffering from water damage, which can be the result of either intentional efforts to destroy evidence of a crime or accidental exposure. Chip-off analysis has traditionally been chosen as an effective data recovery method for damaged devices, including water damaged ones. However, with the implementation of full-disk encryption, chip-off analysis is becoming less promising. In many cases involving encrypted devices, the only option to extract user data for digital forensic purposes is to recover the original function of the device and then input the unlocking/ decrypting code. While this could be achieved by transplanting electrical parts that hold user data and decryption keys to a donor circuit board, given the typical backlog at forensic labs, it is unrealistic to perform this transplantation for all water damaged devices. In this paper, we examine the electro- chemical reactions that happen inside mobile devices when they are exposed to water. If handled properly, and appropriate procedures are conducted at a forensic lab, there is a high chance of restoring the water damaged mobile device to operating status to conduct successful forensic data recovery. Common diagnoses of water damaged devices, as well as effective repair methods, are discussed in this paper.