JTAG, Chip-off & ISP Training and Equipment Guide

Getting started with the advanced techniques of JTAG, Chip-off and ISP can be overwhelming considering cost, training options and equipment choices.
 
Read below to get answers to some of the most common questions we are asked by students and customers.

Teel Technologies was the first to introduce JTAG, Chip-off and ISP to the mobile forensic community. We constantly receive feedback that our classes are the best. And our classes are taught by seasoned mobile forensic examiners who are either active or retired law enforcement who practice these techniques day in and day out.

JTAG, Chip-off & ISP
ISP
Teel Tech JTAG, Chip-off and ISP students get access to the Physical and RAW Mobile Forensic Google Group, with a focus on Mobile Phone Forensics – Forensics Tools; Flasher Box; Bootloader; JTAG; ISP; and Chip-off are some of the topics of discussion. Moderated by Bob Elder, Director of Training and the head of Teel Tech Canada, the group is now over 1000 people, all LE, a policy strictly maintained. Below is a real example of a daily topic summary. In addition to the Physical and RAW group, ISP students are also invited to an ISP discussion only google group where they can share pin outs and experiences with one another.
PRAW-google-group 

JTAG
Chip-off
ISP
Many manufacturer and model of phones are supported. Support varies from device to device. Most, but not all, devices New phones with eMMC & eMCP memory

JTAG
Chip-off
ISP
Most students start off taking JTAG first. It’s easy to learn, relatively low cost for the equipment needed and it is non-destructive to the device. Chip-off equipment is considerably more expensive than JTAG and that alone can be a barrier to entry for many examiners with tight budgets. However, it is much more reliable. Teel Tech recommends the you take JTAG before taking ISP. Because ISP requires very fine precision soldering, it is recommended that you have adequate soldering experience.

JTAG
Chip-off
ISP
Students learn how to make a JTAG connection to a locked device by primarily soldering to the TAPs (Test Action Points) in order to access the physical memory on the device. Connecting via a Molex Connection or using a custom JIG is also taught. Some newer phones may not be JTAGable. Students learn how to remove the chip from board using various techniques and prepare the board to do a read. Students also learn the fundamentals of the various memory structures found on devices ranging from smartphones, tables and SSD drives. ISP is a good choice for labs seeing newer phones unsupported by JTAG that contain an eMMC or eMCP chip. It is a non-destructive process like JTAG, but it requires very fine precision soldering and either excellent vision or proper magnification.
Learn More about
Teel Tech JTAG Forensics Training
Learn More about
Teel Tech Chip-off Forensics Training
Learn More about
Teel Tech ISP Forensics Training

JTAG
Chip-off
ISP
Joint Test Action Group (JTAG) is an industry standard devised for testing printed circuit boards (PCBs) using boundary scan and was designed to quickly and easily test PCBs coming off a manufacturing assembly line. JTAG Forensics is a process that uses that same process and involves connecting the the Test Access Ports (TAPs) on a PCB via solder, molex or jig and then uses a supported JTAG Box (Riff, Z3X, ATF, etc.) to instruct the processor to acquire the raw data stored on the connected memory chip to get a full physical image from the device. This process is non-destructive to the phone. Chip-off Forensics is the process in which a BGA memory chip is removed from a device and prepared so that a chip reader can acquire the raw data to obtain a physical data dump. A chip reader, like the UP 828P Programmer or a SIREDA test socket, is required to perform the read and in the case of the UP 828P, a specific adapter will be required depending on the specific chip. Unlike JTAG, chip-off is a destructive process, and the device will no longer function. Many examiners start with a non-destructive technique like JTAG or ISP before submitting to a Chip-off. In-System Programming (ISP) applied to forensics, is the practice of connecting to an eMMC or eMCP flash memory chip for the purpose of downloading a device’s complete memory contents. eMMC and eMCP memory are the standard in today’s smartphones, and the ISP practice enables examiners to directly recover a complete data dump without removing the chip or destroying the device. Identifying the taps that connect to the memory chip using a multimeter is required in ISP technique. Thus, for each evidence phone, a second identical phone that can be destroyed will be needed.