Combined ISP/Chip-off 2.0 Forensics Training


Teel Tech Chip-Off 2.0 provides students with a comprehensive education into performing forensics on memory chips used in today’s mobile devices and other media.

In depth information about eMMC, eMCP, and UFS chips
  • Newest BGA chip pinout layouts
  • Applying proper techniques for non-heat chip removal
  • Pros and cons of physical manipulation caused by heat or friction removal techniques
  • Updated heat removal processes
  • Introduction to monolithic devices and data recovery techniques
  • New tools and techniques for chip-off extraction



Why use Chip-Off?

Chip-Off will support the following:

  • Damaged or destroyed devices
  • Devices unsupported by commercial tools
  • Unsupported advanced data extraction methods

This course consists of hands-on practicals and theory presentations that encompass proper and safe chip removal and data extraction.

Further analysis of the data will be covered, and students shall use leading forensics software in the class to analyze data.



What is ISP?

ISP “In-System Programming” applied to forensics, is the practice of connecting to an eMMC or eMCP flash memory chip for the purpose of downloading a device’s complete memory contents. eMMC and eMCP memory are the standard in today’s smartphones, and the ISP practice enables examiners to directly recover the complete data without removing the chip and destroying the device.

ISP benefits the examiner who faces the challenges of tightening budgets, yet wants to expand their expertise in retrieving evidence from locked smartphones. A cost-effective technique, ISP provides examiners with the same results of a chip-off at a lower price-point.

And just like with JTAG and Chip-Off, your agency can still use its current line-up of forensic analysis software to recover that ’smoking gun’ piece of evidence. No need to purchase additional analysis software.




Why do we need ISP?
  • ISP enables examiners to bypass lock codes, and recover a complete data collection from phones not supported by JTAG or commercial tools.
  • It’s a non-destructive practice that achieves the same results as a chip-off, while leaving the original evidence intact.
  • Acquires data much faster than JTAG, enabling examiners to process more phones faster.
  • Less resources and tools are required to perform an ISP download compared to Chip-Off.

The first day back from training I received a phone which was locked out by the Factory Android Protection mode. I couldn’t image it with any other hardware/software tools. I used ISP and was able to get a physical image from the phone! Although nervous, I was able to successfully solder to the board.

Howard H.

ISP 3

What Students Will Learn in This Training
  • Students will gain a comprehensive understanding and the skills to perform ISP extractions from devices with eMMC and eMCP memory.
  • Students learn how to determine if a cell phone supports the ISP process, locate the ISP connection points, then using a hardware / software combination of tools, connect to the phone and download its contents.
  • Students are provided with three sets of phones to perform chip-off extractions to understand tracing & connection points.
  • Students will remove chips from devices, locate ISP connection points using back tracing techniques, and then apply the ISP process to an identical phone to download the flash memory.
  • Students learn finer precision soldering skills as they solder to the resistors and capacitors of the PCB. And practice, practice, practice!

***Pre-requisites: Students should have basic soldering skills and be comfortable working at the PCB level.


Laptop Minimum Requirements

We encourage students to bring their own laptops whenever possible. If this is not possible, TeelTech will provide one for you. If you do plan on bringing your own laptop, indicate so on the registration page and please ensure they meet the following requirements.


Laptop Requirements:

  • Windows OS
  • macOS with Bootcamp Windows 7
  • macOS alone will not work (No Virtual Machines)
  • 8GB RAM (minimum)
  • 100GB storage (minimum)
  • You must have admin rights or have the admin password for software installation.
  • NOTE: ALL Windows updates should be done prior to class

Optional:

  • Cellebrite P.A. Dongle
  • Encase, FTK, X-Ways Dongle
  • Access to a HEX editor
  • External USB 3.0 Storage Device


Course Offerings