Experimental Evaluation of e.MMC Data Recovery

Abstract

In this paper, we explore the data recovery procedures from e∙MMCs. The e∙MMC is one of the “managed” flash memory devices that are popularly used in modern digital devices as their storage media. The e∙MMC, which consists of flash memory and the flash memory controller, optimizes the data input/output between the host device and the non-volatile memory through its standardized protocol. Its standardized structure and protocol makes forensic physical data acquisition simpler than handling the raw flash memory. However, its secure data purging features, such as Secure Erase and Sanitize, make data recovery from e∙MMC a challenging task. In this research, we investigate inside the e∙MMCs, and evaluate advanced data recovery procedures. By reverse engineering the structures of e∙MMCs and accessing the internal flash memory, we discover that securely erased data is still recoverable from the internal flash memory. In some models, more than 99% of the securely erased data can still be recoverable by accessing the flash memory inside the e∙MMCs. The data extraction method, along with experimental data recovery evaluation, will be explored in this paper.