Europe fights against crime and terrorism


Encrypted mobile phones are often a key factor in criminal cases; the data stored in these devices may contain critical evidence. With most telephones protected by encryption, the rapid processing of critical evidence by various information retrieval techniques is slowed down, if not made impossible. EXFILES will use software exploitation, hardware methods and combined methods to give law enforcement officials the tools and protocols for rapid and consistent data extraction in strict legal contexts. Tools and methods inspired by other areas of information security (e.g. security assessments based on common criteria) will lead to new judicial methods of accessing data for lawful investigations. EXFILES will focus on the ethical and legal aspects of research and exploitation as well as dissemination and training activities for the next generation of forensic experts.


While technical advances in mobile communication devices have changed the world in a relatively short time, they have also opened the door for opportunistic criminals using technology for illegal activities. A particularly vexing challenge for law enforcement agencies across Europe today is unlocking mobile telephones confiscated from criminals. Often these devices contain key data which could be used to solve open cases or prevent further crimes. EXFILES will not only research and develop reliable and consistent ways of decrypting these devices, but will also focus on the ethical and legal aspects of research, exploitation, dissemination and training activities for the next generation of forensic experts.



Reference Number:
Programme type:
Horizon 2020
Programme acronym:


Project Start: 01.07.2020
36 Months

Cost and Funding

€ 6.999.596,25
100,00% EU-funded


Keeping European nations at the forefront of technology and security requires the concerted efforts of the federal government, local law enforcement and intelligence agencies, as well as cyber security experts. The EXFILES project brings these workgroups together to focus on the growing challenge of lawfully breaching the encryption of mobile communication devices which have been taken into evidence. By uniting stakeholders from all relevant domains, the EXFILES consortium is well poised to research and develop ways of maintaining security in the EU while preserving the privacy of its citizens.

Mission and Objectives

To be able to extract information from encrypted devices, a holistic approach (software, hardware) is required. The aim is, therefore, to find ways to access protected evidence by using semiconductor industry knowledge coupled with software exploitation techniques. EXFILES will focus on the following objectives:
• Categorize smartphones used by criminals
• Advance and update existing tools to improve reverse engineering of specific mobile devices
• Combine software and hardware techniques to produce advanced solutions
• Make evidence extraction from modern encrypted smartphones affordable and practical
• Improve law enforcement agencies’ capabilities regarding encryption and increase information sharing
• Involve all stakeholders from different domains
• Provide guidelines and recommendations for law makers and law enforcement agencies
• Evaluate the results against real use cases

Work Packages


Law Enforcement Agencies Requirements and Use Cases
WP1 generates the requirements of the LEAs (Law Enforcement Agencies). There is a wide variety of devices available on the market for the general population, each one using diverse software and hardware platforms. These include different operating systems, software versions and hardware components. The majority of them have encryption capabilities. In addition, devices used by OCGs (Organized Crime Groups) typically have another layer of complexity added to secure the devices.


Legal, Ethical and Societal Issues
The primary objective of this work package is to provide EXFILES with the support required to understand the legal constraints imposed by European and domestic laws with respect to encryption, the methods used by the judicial system to counter its use as an anti-forensic tool, and the ethical and societal consequences of the use of those methods by LEAs. Firstly, this work package defines the legal framework surrounding encryption and forensic work, and contextualises the project in the debate on encryption techniques through an analysis of substantive and future European law. Secondly, it explores the ethical frameworks related to digital forensics research and to making informed decisions regarding the disclosure of any vulnerability discovery. Thirdly, it provides a practical overview regarding the use of the project’s outcomes, for instance, how evidence provided by the methods developed in EXFILES stands up in court, and to what extent these methods can be kept confidential.


Software Toolbox for Data Extraction
Secure phones, whether high-end consumer devices or specifically secured ones, use a combination of hardware and software security mechanisms which prevents legal forensics. In this WP we focus on the software part to provide new technologies in order to improve LEAs’ capabilities. Even if the hardware is completely secure, vulnerabilities in software allow access to encrypted data. However, critical operations, such as authentication or integrity verification, are now handled in a secure subsystem composed of isolated or emulated hardware, known as a Trusted Execution Environment (TEE). This work package provides state-of-the-art tools to enhance the finding of vulnerabilities and exploits in TEEs such as TrustZone (TZ) or Secure Enclave. Such access can enable the retrieval or use of hardware keys and the bypassing of secure boot, making it possible to brute force passwords and access user data.


Hardware Approach to Extract Essential Information for Decryption
WP4 deals with physical techniques applied to the microprocessors present in the target systems. The goal is to use Reverse Engineering (RE) and physical techniques to find out about secrets such as encryption schemes involving secure elements and boot ROMs from SoCs. Evaluating invasive techniques, including Reverse Engineering, as part of the process could also bring useful knowledge such as functional mapping information and/or localised targets, which allows for the evaluation of RE-based semi-invasive techniques.


Combination of HW & SW Approaches to propose Novel Forensics Methods
As described in its title, the main objective of this work package is to combine HW & SW approaches to propose novel forensics methods. In a criminal investigation, LEAs may be able to extract data from the target, but all or part of the data can be encrypted. However, almost all cryptographic technologies used in modern smartphones are based on standard algorithms, such as AES, RSA, etc. These algorithms are considered mathematically secure. For example, even with a modern, high-performance computer performing a brute force attack, billions of years are still needed to retrieve an AES secret key. In this context, the task of LEAs to obtain exploitable data becomes a real challenge that requires new tools and methodologies for decryption. Therefore, this WP delivers tools and techniques based on Side Channel Analysis (SCA) and Fault Injection (FI) attacks, which are part of the physical attacks family. In practice, this WP consists of transferring existing tools and methods from lower-tech and non-forensic white-box environments into forensic contexts, where black-box testing is far more common than in other areas and where the latest high-end consumer devices are encountered. This significantly broadens the market for companies with business in the area of physical attacks.


Knowledge Distribution & Tool Deployment
As LEAs are at the core of this project, the Bundeskriminalamt Germany develops its skills and enhances its laboratories to carry on its research, development and forensic analysis tasks, which are of paramount importance, long after the end of the project. This work package strengthens the collaboration between EU LEAs, which is often the most efficient, and in many cases the only, way to obtain crucial data and analysis techniques for investigations. By working together on a common problem, the LEAs involved in this project, including other EU LEAs, strengthen their existing collaboration relationships or even build new ones. They also share common knowledge and methods, which will remain active after the end of the project. This community, using the same technology, can then share results and solutions more effectively.


Dissemination, Communication, Exploitation and Training
In line with the Grant Agreement, this work package is dedicated to the communication, dissemination and exploitation aspects of the project and its developments. The main objectives refer to the targeted communication of project results, the dissemination and contribution to a European Research Union as well as the exploitation of the scientific results to create competitive advantage with innovative products.


Project, Risk and Innovation Management
Work package 8 is responsible for the operational management and technical vitality of the EXFILES project, encompassing management components on contractual, financial, legal, technical, administrative and ethical levels. The main objective is the establishment of a sound and flexible project management structure and an efficient management process as well as the provision of an effective risk management strategy, so as to avoid deviations from the work plan. Another focus of work package 8 is to respond to opportunities, which are addressed by active innovation management. These activities will help to maximize the benefit to participants, project stakeholders and the overall impact of the project.


Ethics requirements
The objective is to ensure compliance with the 'ethics requirements' set out in this work package.

Project Partners

TECHNIKON (TEC) is a private independent Austrian SME with a highly specialized multinational team of 20+ engineers and scientists. It is dedicated to engineering services as well as the planning, assessment and coordination of large industry-driven international research projects. Technikon contributes to WP2, leading the task related to the project data management. TEC will coordinate the Data Management Plan and contribute to the implementation of the central platform. TEC will establish, maintain and handle the communication tools, further develop the target audiences and the communication plan, and create dissemination material to support dissemination events. TEC performs administrative tasks, oversees risk management activities, enables risk mitigation when needed, and monitors innovation activities.
