Archive for July, 2017

Digital Forensics

Friday, July 7th, 2017
A smartphone is a portable multicore computer, packed with sensors, and the hub of our digital lives. Digital evidence has a broader scope than we are used to, coming from a single physical device. As such, digital evidence corroborates physical evidence that otherwise might have been only circumstantial. Conceptually, digital and physical evidence aren’t that different. Evidence is defined as information that’s used to determine events and people in a framework of time and place so that a cause can be established for illegal events.i  The information found in a cell phone is not trivial; it can be equivalent to non-portable items such as diaries, ledgers, and personal computers.
Can a cell phone tip evidence against a suspect? A murder in 2012 provided digital evidence to prosecute a suspect where the physical evidence in the case was not enough, as it was only circumstantial. In September 2012, a college freshman disappeared. He was last seen with an old high school friend at an electronics store. The freshman’s remains were found 3 weeks after, and 60 miles west of, the last time he was seen. Circumstantial evidence found in the high school friend’s car included some of the victim’s blood and his backpack. The suspect’s cell phone held several pieces of evidence, however. The phone’s Facebook app cache held a screenshot of an incriminating search because the suspect had used Facebook for access. After the victim disappeared, ping analysis to cell towers showed that the suspect travelled west for a long distance, and that the phone’s flashlight app was used for about an hour that same night.   Law enforcement used several levels of extraction.
Digital extraction starts with manual techniques such as using the touch screen to look through messages. (See Figure 1.) Logical extraction tools involve external computer equipment whose commands are executed on the target device, much like a host-target embedded development setup. Physical extraction involves more sophisticated tools that can excise deleted information from memory (e.g., a flash drive). Chip-off and micro-read techniques at the top of the pyramid involve physically removing memory chips from the device to read them, requiring expertise on how to communicate with the chip directly and the ability to emulate the device’s communication process.i
Digital forensics is impressive from a Hollywood perspective, but in reality, budgets for training and equipment lag far behind. As more devices come online with the Internet of Things, additional funding and training are needed at every level of the criminal justice system so that digital evidence can make the best impact possible to deterring crime.
A smartphone is a portable multicore computer, packed with sensors, and the hub of our digital lives. Digital evidence has a broader scope than we are used to, coming from a single physical device. As such, digital evidence corroborates physical evidence that otherwise might have been only circumstantial. Conceptually, digital and physical evidence aren’t that different. Evidence is defined as information that’s used to determine events and people in a framework of time and place so that a cause can be established for illegal events.i  The information found in a cell phone is not trivial; it can be equivalent to non-portable items such as diaries, ledgers, and personal computers.
Digital evidence can corroborate circumstantial evidence and lead to a conviction.

Digital evidence can corroborate circumstantial evidence and lead to a conviction.

Can a cell phone tip evidence against a suspect? A murder in 2012 provided digital evidence to prosecute a suspect where the physical evidence in the case was not enough, as it was only circumstantial. In September 2012, a college freshman disappeared. He was last seen with an old high school friend at an electronics store. The freshman’s remains were found 3 weeks after, and 60 miles west of, the last time he was seen. Circumstantial evidence found in the high school friend’s car included some of the victim’s blood and his backpack. The suspect’s cell phone held several pieces of evidence, however. The phone’s Facebook app cache held a screenshot of an incriminating search because the suspect had used Facebook for access. After the victim disappeared, ping analysis to cell towers showed that the suspect travelled west for a long distance, and that the phone’s flashlight app was used for about an hour that same night.   Law enforcement used several levels of extraction. Digital extraction starts with manual techniques such as using the touch screen to look through messages. (See Figure 1.) Logical extraction tools involve external computer equipment whose commands are executed on the target device, much like a host-target embedded development setup. Physical extraction involves more sophisticated tools that can excise deleted information from memory (e.g., a flash drive). Chip-off and micro-read techniques at the top of the pyramid involve physically removing memory chips from the device to read them, requiring expertise on how to communicate with the chip directly and the ability to emulate the device’s communication process. Digital forensics is impressive from a Hollywood perspective, but in reality, budgets for training and equipment lag far behind. As more devices come online with the Internet of Things, additional funding and training are needed at every level of the criminal justice system so that digital evidence can make the best impact possible to deterring crime.
Reference: Goodison, S., Davis, R., & Jackson, B. (2015, March 24). Digital Evidence and the U.S. Criminal Justice System. Retrieved July 5, 2017.

I2C → I3C Get on the Fast(er) Bus

Saturday, July 1st, 2017

I2C is 35 years old. Finally, we have a new serial bus communication interface that combines the best of I2C & SPI and is ideal for sensors: I3C, which stands for “Improved Inter-Integrated Circuits” (and is pronounced “Eye-three-See”). I3C’s effective data bitrate is 33.3 Mbps (max) at 12.5 MHz. It sports only two signal lines and legacy I3C devices can co-exist on the same bus with some limitations. I3C supports dynamic addressing and static addressing for I2C legacy devices. I3C includes in-band interrupt

support, support for hot-join, and multi-master capability is continued. A clear master ownership and handover mechanism is defined for I3C. I3C is limited to a realistic dozen or so devices on a bus.

We are drowning in sensors these days. It’s great to gather information, but sometimes you run out of GPIO. How many times have you used I2C or SPI because you ran out of GPIO or really needed to reduce pin count? Sure, I2C isn’t as fast as other communications buses, but sometimes you don’t need fast, you need more room and so you climb on the bus with that extra sensor.

I2C was introduced in 1982 by Philips (now NXP) as a means for MCUs to talk to I/O over a simple serial communications bus. I2C is probably older than some readers, but it’s still in wide use because it’s handy, uncomplicated, and no longer requires licensing fees. I2C is simple and uses two bidirectional, open-drain wires.

For those asking about why we have to have yet another standard, I3C is backwards compatible to I2C. Nothing has to change if you don’t want it too, but I3C is more power efficient and addressing is no longer prone to collisions because two devices just happen to be using the same address. SMBus is also a light-weight communication alternative to I2C and was created in 1994. SMBUs is still used today and is compatible with I2C, but complete compatibility between the two buses is certain only if you’re working below 100kHz.

The June 2017 I3C Plugfest was held in Atlanta, Georgia.

The June 2017 I3C Plugfest was held in Atlanta, Georgia.

In 2014, the Alliance Sensor Working Group set off to create the I3C sensor interface, starting with surveying the MEMS Industry Group to help identify the “pain points” experienced with I2C and SPI. The I3C standard was released in late 2016 and is still under development as the Sensor Working Group works on getting the kinks out in a series of Plugfests. Plugfests are a gathering of adopters who have developed prototypes for interacting with other adopter’s devices using the same standard. Plugfests are not only a good way to try out the technology, but to see if participants interpret a new specification as intended and to change the spec if developers have better ideas or have fallen into difficulty implementing certain areas.

I3C is very suited to sensors and targets the Internet of Things (IoT) and Automotive markets. The I3C standard is available to see at the MIPI Alliance website. The working group is aiming for the next revision of the I3C standard in early 2018.