Descrambling data on solid-state disks by reverse-engineering the firmware

Li Zhang, Shen Gang Hao*, Jun Zheng, Yu An Tan, Quan Xin Zhang, Yuan Zhang Li

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

9 Citations (Scopus)

Abstract

Abstract Data recovery is an important component of digital forensic research. Although recovering data from hard drives or small-scale mobile devices has been well studied, solid-state disks (SSDs) have a very different internal architecture and some additional functions, and it is not clear whether these differences will have an effect on data recovery. Data scrambling is an additional function of an SSD controller which can improve data reliability, but makes data recovery difficult. In this research, the dedicated flash software was first introduced that can acquire the physical image of an SSD without destroying the device hardware. Based on the software, a validation experiment was presented to evaluate the effect of data scrambling on data recovery and the causes of the effect were analyzed. Then two approaches to descrambling the data in the flash chips were proposed and their advantages and disadvantages discussed. After that, a procedure to identify the scrambling seeds that are used to descramble the scrambled data was described. Finally, descrambling software was implemented based on the second descrambling method. The experiment shows that this software can successfully descramble the data from an SSD flash drive regardless of the internal structure of the scrambler in the SSD controller and can generate an unscrambled physical image on which most existing data-recovery techniques can be effective.

Original languageEnglish
Article number531
Pages (from-to)77-87
Number of pages11
JournalDigital Investigation
Volume12
DOIs
Publication statusPublished - 1 Mar 2015

Keywords

  • Data recovery
  • Data scrambling
  • Digital forensics
  • Physical image
  • Solid-state disks

Fingerprint

Dive into the research topics of 'Descrambling data on solid-state disks by reverse-engineering the firmware'. Together they form a unique fingerprint.

Cite this