Information Technology Reference
In-Depth Information
ded that the other levels of extraction are attempted prior to chip-off since this method is
destructive in nature. Also, the information that comes out of memory is in a raw format
and has to be parsed, decoded, and interpreted. The chip-off method is preferred in situ-
ations where it is important to preserve the state of memory exactly as it exists on the
device. It is also the only option when a device is damaged but the memory chip is intact.
The chips on the device are often read using the
Joint Test Action Group
(
JTAG
) meth-
od. The JTAG method involves connecting to
Test Access Ports
(
TAPs
) on a device and
instructing the processor to transfer the raw data stored on memory chips. The JTAG
method is generally used with devices that are operational but inaccessible using standard
tools.
Micro read
The process involves manually viewing and interpreting data seen on the memory chip.
The examiner uses an electron microscope and analyzes the physical gates on the chip and
then translates the gate status to 0's and 1's to determine the resulting ASCII characters.
The whole process is time consuming and costly, and it requires extensive knowledge and
training on flash memory and the file system. Due to the extreme technicalities involved
in micro read, it would be only attempted for high-profile cases equivalent to a national
security crisis after all other level extraction techniques have been exhausted. The process
is rarely performed and is not well documented at this time. Also, there are currently no
commercial tools available to perform a micro read.
