In-System Programming (ISP) For Mobile Device Forensics

What is ISP?

ISP “In-System Programming” applied to forensics, is the practice of connecting to an eMMC or eMCP flash memory chip for the purpose of downloading a device’s complete memory contents. eMMC and eMCP memory are the standard in today’s smartphones, and the ISP practice enables examiners to directly recover the complete data without removing the chip and destroying the device.

ISP benefits the examiner who faces the challenges of tightening budgets, yet wants to expand their expertise in retrieving evidence from locked smartphones. A cost-effective technique, ISP provides examiners with the same results of a chip-off at a lower price-point.

And just like with JTAG and Chip-Off, your agency can still use its current line-up of forensic analysis software to recover that ’smoking gun’ piece of evidence. No need to purchase additional analysis software.


Course Details

$3,950

Course Code: AT-ISP

Duration: 5 Days

Laptop Required: Yes

This class is for sworn law enforcement only.

 

View Upcoming Classes



ISP 7

Why do we need ISP?
  • ISP enables examiners to bypass lock codes, and recover a complete data collection from phones not supported by JTAG or commercial tools.
  • It’s a non-destructive practice that achieves the same results as a chip-off, while leaving the original evidence intact.
  • Acquires data much faster than JTAG, enabling examiners to process more phones faster.
  • Less resources and tools are required to perform an ISP download compared to Chip-Off.

 

The first day back from training I received a phone which was locked out by the Factory Android Protection mode. I couldn’t image it with any other hardware/software tools. I used ISP and was able to get a physical image from the phone! Although nervous, I was able to successfully solder to the board.

Howard H.


 

ISP 3

What Students Will Learn in This Training
  • Students will gain a comprehensive understanding and the skills to perform ISP extractions from devices with eMMC and eMCP memory.
  • Students learn how to determine if a cell phone supports the ISP process, locate the ISP connection points, then using a hardware / software combination of tools, connect to the phone and download its contents.
  • Students are provided with three sets of phones to perform chip-off extractions to understand tracing & connection points.
  • Students will remove chips from devices, locate ISP connection points using back tracing techniques, and then apply the ISP process to an identical phone to download the flash memory.
  • Students learn finer precision soldering skills as they solder to the resistors and capacitors of the PCB. And practice, practice, practice!

Students completing the class will receive a Certificate of Completion in ISP Forensics from Teel Technologies.

***Pre-requisites: Students should have basic soldering skills and be comfortable working at the PCB level.

Laptop Minimum Requirements

We encourage students to bring their own laptops whenever possible. If this is not possible, TeelTech will provide one for you. If you do plan on bringing your own laptop, indicate so on the registration page and please ensure the meet the following requirements.


Laptop Requirements:

  • Windows OS
  • macOS with Bootcamp Windows
  • macOS alone will not work (No Virtual Machines)
  • 8GB RAM (minimum)
  • 100GB storage (minimum)
  • You must have admin rights or have the admin password for software installation.
  • NOTE: ALL Windows updates should be done prior to class


Mobile Forensics Google Group

Contact us if you are interested in hosting at your location.

This class is for Law Enforcement Only (LEO) or LE affiliates ONLY unless otherwise noted.
For questions regarding this policy, please contact us at info@teeltech.com or (203) 855-5387.
Course Offerings