Bringing quality, cost-effective and platform-neutral education to the community, Teel Technologies’ courses cover both advanced forensics, as well as tool-specific training per customer requirements. Our current course offerings provide practitioners with the skills that go beyond the standard logical acquisition and analysis efforts. Our tool-specific classes are custom-configurable for each client, based upon their specific requirements or tool deployments. And we have a complete mobile classroom that enables us to bring the classroom to the students, and set-up where needed.
Upcoming classes are listed below, and feel free to contact us with any questions or specific requests.
Embedded Hardware Acquisition & Analysis Training
Access digital data at the physical level from sources that include IOT devices, smart tvs, vehicle systems, skimmers/shimmers and drones.
This course will teach how to analyze artifacts left behind through system and user interaction with the host system. Students will explore how applications function and store data in the file system and within SQL databases.
In this 3-day Password Recovery and Data Decryption for Mobile Forensics Course, students will develop an in-depth knowledge of password protection and data encryption techniques used in mobile forensics.
ISP allows examiners to connect to an eMMC or EMCP flash memory chip (standard in today’s smartphones) for the purpose of downloading a device’s complete memory contents. Examiners can directly recover the complete data without removing the chip and destroying the device.
Geared toward students that have a working familiarity with mobile device acquisition and extraction, this course focuses on the analytic analysis and reporting capabilities of the Oxygen Forensic® Detective powered by JetEngine.
PC-3000 Flash/SDD/Monolith Data Recovery Expert Training
Digital forensics experts and data recovery professionals who take this course will be able to restore damaged NAND-based drives, including monolith devices (MicroSD; xD; SD, UFD, MS in monolith package).
Joint Test Action Group (JTAG) is an industry standard devised for testing printed circuit boards (PCBs) using boundary scan and was designed to quickly and easily test PCBs coming off a manufacturing assembly line. JTAG Forensics is a process that uses that same process and involves connecting the the Test Access Ports (TAPs) on a PCB via solder, molex or jig and then uses a supported JTAG Box (Riff, Z3X, ATF, etc.) to instruct the processor to acquire the raw data stored on the connected memory chip to get a full physical image from the device. This process is non-destructive to the phone.
Chip-off Forensics is the process in which a BGA memory chip is removed from a device and prepared so that a chip reader can acquire the raw data to obtain a physical data dump. A chip reader, like the UP 828P Programmer or a SIREDA test socket, is required to perform the read and in the case of the UP 828P, a specific adapter will be required depending on the specific chip. Unlike JTAG, chip-off is a destructive process, and the device will no longer function. Many examiners start with a non-destructive technique like JTAG or ISP before submitting to a Chip-off.
In-System Programming (ISP) applied to forensics, is the practice of connecting to an eMMC or eMCP flash memory chip for the purpose of downloading a device’s complete memory contents. eMMC and eMCP memory are the standard in today’s smartphones, and the ISP practice enables examiners to directly recover a complete data dump without removing the chip or destroying the device. Identifying the taps that connect to the memory chip using a multimeter is required in ISP technique. Thus, for each evidence phone, a second identical phone that can be destroyed will be needed.
Students learn how to make a JTAG connection to a locked device by primarily soldering to the TAPs (Test Action Points) in order to access the physical memory on the device. Connecting via a Molex Connection or using a custom JIG is also taught. Some newer phones may not be JTAGable.
Students learn how to remove the chip from board using various techniques and prepare the board to do a read. Students also learn the fundamentals of the various memory structures found on devices ranging from smartphones, tables and SSD drives.
ISP is a good choice for labs seeing newer phones unsupported by JTAG that contain an eMMC or eMCP chip. It is a non-destructive process like JTAG, but it requires very fine precision soldering and either excellent vision or proper magnification.
Teel Tech JTAG, Chip-off and ISP students get access to the Physical and RAW Mobile Forensic Google Group, with a focus on Mobile Phone Forensics – Forensics Tools; Flasher Box; Bootloader; JTAG; ISP; and Chip-off are some of the topics of discussion. Moderated by Bob Elder, Director of Training and the head of Teel Tech Canada, the group is now over 1000 people, all LE, a policy strictly maintained. Below is a real example of a daily topic summary.
In addition to the Physical and RAW group, ISP students are also invited to an ISP discussion only google group where they can share pin outs and experiences with one another.
Teel Technologies was the first to introduce JTAG, Chip-off and ISP to the mobile forensic community. We constantly receive feedback that our classes are the best. And our classes are taught by seasoned mobile forensic examiners who are either active or retired law enforcement who practice these techniques day in and day out.
What our customers have to say
“My instructor was a great character. I enjoyed his stories and passion to share his knowledge. The training I took was a very good introductory course while also being very comprehensive. I am looking forward to practicing what has been taught.”
“Training was great! Keep doing what your doing, Teel Tech! The pace, hands on work and even-keel approach works very well for all involved. The blend of group learning and one-on-one instruction is a great combination. It allows for all types of learning.”
“My instructor was excellent. Very relatable and approachable. I would take another class taught by them if offered. The biggest lesson I learned is to be patient, that the data can always be acquired, it just depends on whether the method is more or less difficult, destructive, time-intensive, etc.”