Combined JTAG/Chip-Off Forensics

In this combined JTAG and Chip-off class, students learn the skills required to successfully perform memory acquisitions using the JTAG and using Advanced BGA Chip-off Techniques. The comprehensive course enables examiners to gain the essential knowledge of the practice and plenty of hands-on time working with devices.

Description

JTAG 2.0 Forensics

Learn the latest techniques for accessing mobile devices using the JTAG technique for data recovery and device unlocking. The newly designed course incorporates the new Teel Tech JTAG Forensic Certification “TJFC” test, as an option for students. All students receive a Certificate of Attendance, and those who pass the practical examination successfully will earn their TJFC.

New Class Additions

  • New probing processes
  • Password recovery on newer devices
  • New soldering processes
  • Students learn on Z3X box, in addition to Riff
  • Information on new equipment

Why do we need JTAG 2.0? — it helps us get into these phones:

  • Locked Android cell phone with USB Debugging turned off
  • Locked Windows phones
  • Locked proprietary OS phones
  • Physical memory acquisition where tools don’t support this
  • Damaged or broken phones

This comprehensive course enables investigators to learn and build on the required soldering skills and JTAG access options through practice and many practical exercises. Students leave class with a full skillset to continue on performing JTAG 2.0 back at the lab.

Course Essential components:

  • Disassembly and assembly of devices
  • Extensive soldering lessons, as well as using Molex Adapters.
  • Identify the test access points (TAPs) using various means, as well as the supplied Z3X Box
  • eMMC Reads – Working directly with eMMC partitions on live phones to save only the data you need.
  • Production of a physical dump of a locked / disabled USB Android phone, identification of the password and then restore user data by using your forensics tools.
  • Utilizing Python scripts for recovering pattern/pin locks. Introductory information using open source scripts.
  • Students are provided with multiple devices to perform JTAG examinations.
  • All students receive Certificate of Participation
  • Final Practical Exam to Earn the Teel JTAG Forensic Certification “TJFC” consists of a fully assembled locked device that students disassemble, perform the JTAG acquisition to acquire the raw data, and retrieve pattern lock. Students reassemble device, power up and unlock the device with acquired pattern lock code.

Additional Details

  • New Molex adapter connections – Some phones allow connection without soldering, these techniques are addressed.
  • eMMC Reads – Working directly with eMMC partitions on live phones to save only the data you need.
  • Identify the test access points (TAPs) using various techniques and tools.
  • Utilizing Python scripts for recovering pattern/pin locks. Introductory information using open source scripts.
  • Advanced HashCat processing for pattern/PIN password lock the new style Android OS phones.
  • Implementation of JTAG support in Cellebrite to RAW – to decode dumps.

Students will use today’s tools with features for assisting in analyzing JTAG data, including IEF Forensics. Trial versions of each software are provided to students at class, along with the Riff Box and Molex connectors.

 

Chip-off 2.0 Forensics

Teel Tech Chip-Off 2.0 provides students with a comprehensive education into performing forensics on memory chips used in today’s mobile devices and other media.

In depth information about eMMC, eMCP, and UFS chips

  • Newest BGA chip pinout layouts
  • Applying proper techniques for non-heat chip removal
  • Pros and cons of physical manipulation caused by heat or friction removal techniques
  • Updated heat removal processes
  • Introduction to monolithic devices and data recovery techniques
  • New tools and techniques for chip-off extraction
  • Earn the TeelTech Chip-Off Forensics Certification “TCFC”

Why Chip-Off 2.0? — it supports the following:

  • Damaged or destroyed devices
  • Devices unsupported by commercial tools
  • Unsupported advanced data extraction methods

This course consists of hands-on practical assignments and theory presentations that encompass proper and safe chip removal and data extraction. Further analysis of the data will be covered, and students shall use leading forensics software in the class to analyze data.

All students receive a Certificate of Attendance, and the opportunity to take the TCFC certification test.

 

Laptop Requirements

We prefer students bring their own laptops whenever possible. If this is not possible, Teel Tech Canada will provide one for you. If you are unable to bring your own laptop, please indicate so on the registration page.

For students bringing a laptop to class, please ensure they meet the following minimum requirements:

  • Windows 7
  • Windows 8.x and 10.x using these instructions (turn off driver sig enforcement)
  • macOS with Bootcamp Windows 7
  • macOS with Bootcamp Windows 8.x and Win 10.x using these instructions
  • macOS alone will not work (No Virtual Machines)
  • 8GB RAM (minimum)
  • 100GB storage (minimum)
  • You must have Admin rights or have the admin password for software installation.
  • NOTE: ALL Windows updates should be done prior to class.

Prerequisites

Due to the sensitive nature of our curriculum, and industry, all potential students are subject to vetting prior to enrollment. We reserve the right to refuse registration to any person that does not meet our established criteria.

Similar courses

The Teel Tech Advanced Chip-Off 2.0 Forensics training with certification provides students with a comprehensive education in performing forensics on the BGA memory chips used in today’s mobile devices.

More Information

In this 5-day course students will gain the skills needed to perform ISP extractions from devices with eMMC and eMCP memory.

More Information

In this 5-day course students will develop the skills required to perform low-level analysis and recovery of SQLite databases.

More Information

Our traditional in-class 5-day Complete SQLite Forensic Training has moved online! This new 10-day course combines both our SQLite Fundamentals class with our Advanced SQLite Forensics. Our live, instructor-led, online training provides you with the same in-depth SQLite learning experience as our on-site training over the course of 10 – 4 hour days.

More Information

Teel Tech Canada is now offering an 8-day Combined ISP/Chip-Off 2.0 training. In this class Digital Forensic Investigators will explore the foundations of both In-System Programming and Chip-Off 2.0 Forensics.

More Information