Malaysian Air Flight 370 Mobile Phone Device Data Recovery Reenactment
Can 4Discovery Recover Data From a Mobile Phone That Has Been Submerged In Pressurized Cold Salt Water for a Week?
That is the question that CNN posed to 4Discovery computer forensics experts last week when they revisited our offices with a Samsung mobile phone loaded with text messages, photos, videos, and emails. Then, the CNN reporter, Ted Rowlands, and our 4Discovery team paid a visit to Chicago’s very own Shedd Aquarium where the phone was submerged in a salt water tank, pressurized to simulate conditions on the ocean floor, and chilled to 50 degrees, courtesy of the enthusiastic sea water experts at the Shedd, chemist Allen LaPointe and fish biologist George Parsons. Then, assorted seaweed was added to the tank for drama…and to increase the “slime-effect.” This experiment was, of course, an attempt to simulate the condition of phones and other mobile devices that could be recovered from the doomed Malaysian Air Flight 370, which is believed to be at the bottom of the Indian Ocean. Could data recovered from these devices, (think photos, videos, undelivered text messages, etc.) help to tell the story of what happened to the aircraft?
Two weeks ago, when CNN first visited us, we advised them that we could “absolutely” restore data from a phone recovered from the Malaysian Air 370, assuming the devices’ memory chips were intact. This week CNN asked us to prove it, and hence, the experiment began. After the phone was submerged for a week in the green saline soup, we revisited the Shedd with the CNN team and recovered a very sad looking phone from the bottom of this lab-created “ocean.” Covered in green slime, the device literally spewed salt water onto our lab bench when we disassembled it. The protective seal designed to protect the inner workings of the phone had virtually dissolved. We have forensically recovered data from many damaged phones for a wide array of cases, including those destroyed in fatal automobile accidents, falls from multi-story buildings, (while inside the now deceased person’s jeans pocket), phones intentionally destroyed by nervous trade secret thieves, and SIM cards swallowed by arrested child molesters. But we had never seen a phone like this. Once the phone was dry, the caked on white salt residue gave the phone the appearance of being exposed to fire.
We were beginning to question our use of the term “absolutely” when previously describing our likelihood of success to the guys at CNN.
4Discovery forensics experts Chad Gough and Josh Fazio gave the phone a nice long bath in a temperature controlled ultra-sonic tub of Isopropyl Alcohol, then after a gentle brushing and air dry, tried to power up the board. Nothing. The phone’s delicate circuit board was still too corroded with salt deposits to power up. Next, we tried a number of advanced data restoration techniques. Nope. Last resort, a chip-off technique in which the phone’s tiny memory chip is removed from the circuit board by melting the connecting solder with an industrial hot air gun and then installed in a chip reader. For this last step we invited our friends and strategic partners at Gillware data recovery to join in the fun. (They had a chip reader adaptor on-hand for this particular chip that we did not have in stock).
The result? A successful recovery of the phone’s data, including unsent text messages and emails (written by CNN’s Ted Rowlands while the device was in the “airplane mode” to prevent transmission), videos and photos. Will Malaysian Air 370 ever be found? Perhaps not. But if those passengers and their phones are ever recovered, mobile device forensics could play an important role in recreating the flight’s final moments…and providing peace and closure and a final communication to loved ones.
Click here for a link to the full CNN video.
