Other techniques
All of the techniques mentioned earlier, and the commercial tools available, prove to be
useful to the forensic examiner trying to get access to the data on Android devices.
However, there could be situations where none of these techniques work. To obtain a
complete physical image of the device, techniques such as chip-off and JTAG may be required
when commercial and open source solutions fail. A short description of these techniques
follows.
While the chip-off technique removes the memory chip from a circuit and tries to read it,
the JTAG technique involves probing the JTAG Test Access Ports (TAPs) and soldering
connectors to the JTAG ports in order to read data from the device memory. The chip-off
technique is more destructive because once the chip is removed from the device, it is
difficult to restore the device to its original functional state. Also, expertise is needed to
carefully remove the chip from the device by desoldering it from the circuit board.
The heat required to remove the chip can also damage or destroy the data stored on that
chip. Hence, this technique should be considered only when the data is not retrievable by
open source or commercial tools or the device is damaged beyond repair. When using the
JTAG technique, JTAG ports help an examiner to access the memory chip to retrieve a
physical image of the data without needing to remove the chip. To turn off the screen lock
on a device, an examiner can identify where the lock code is stored in the physical memory
dump, turn off the locking, and copy that data back to the device. Commercial tools, such
as Cellebrite Physical Analyzer, can accept .bin files from chip-off and JTAG
acquisitions and crack the lock code for the examiner. Once the code is either manually removed
or cracked, the examiner can analyze the device using normal techniques.
Both the chip-off and JTAG techniques require extensive research and experience before
they are tried on a real device. A great resource for JTAG and chip-off on devices can be found at
http://www.forensicswiki.org/wiki.