In this five-day course provides students with all the skills they need to successfully retrieve a physical acquisition of supported locked cell phone memory using the JTAG process. Once the physical acquisition is complete, you will learn how to recover the password and decode the user data. With the password in hand, one can then put the phone back together and unlock the phone with the recovered password.
Why do we need JTAG? JTAG can get into these phones:
- Locked Android cell phone with USB Debugging turned off.
- Locked Windows phones.
- Locked proprietary OS phones.
- Physical memory acquisition where tools don’t support this.
- Damaged or broken phones.
- Unsupported by the forensic tools.
This comprehensive course enables investigators learn and build on the required soldering and JTAG skills through practice and many practical exercises on the phones to allow them to walk away with the full skillset to continue on with JTAG back at your lab.
Course components:
- Disassemble and reassemble equipment.
- Soldering skills are mastered in this training.
- Correct application of JTAG technology to access the physical memory.
- Production of a physical dump of a locked / disabled USB debugging Android phone, identification of the password and then restore user data by using your forensics tools.
- Recovery of physical memory from locked Windows or Proprietary OS phones.
- Advanced RIFF Box techniques are also addressed.
The course provides an adequate education in the disassembly and re-assembly of a functional cell phone (non destructive process), so that the JTAG connection can be completed using a JIG, Molex Connector or the soldering process.
Once connected, the investigator will learn how the JTAG tools are applied to access the device’s memory and save the data.
By providing the necessary training in terms of memory and JTAG configuration and access technologies enable the JTAG components investigators of current devices to learn how to use the latest tools and practical to use.
Participants receive a free Riff Box, Molex JPIN Jig Set, 90-day trial of the UFED Physical Analyzer and trial version of Magnet IEF Software.
Laptop Requirements:
- Windows XP, Windows 7 32 or 64Bit
- Win XP Mode in VM will function as well
- MAC with Bootcamp Windows 7 64Bit (MAC only will not work)
- 8GB RAM (minimum)
- 100GB storage (minimum)
- You must have Admin rights
- NOTE: ALL Windows updates should be done prior to class
- NOTE: Windows 8 will not work!
Optional:
- Cellebrite P.A. Dongle
- Encase, FTK, X-Ways Dongle
- Access to a HEX editor
- External USB 3.0 Storage Device