Difference between pages "Chip-Off Forensics" and "JTAG Forensics"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
 
m (Procedures)
 
Line 1: Line 1:
 
== Definition ==
 
== Definition ==
=== From Wikipedia ([http://en.wikipedia.org/wiki/Mobile_device_forensics#Forensic_desoldering http://en.wikipedia.org/wiki/Mobile_device_forensics#Forensic_desoldering]): ===
+
=== From Wikipedia ([http://en.wikipedia.org/wiki/Joint_Test_Action_Group http://en.wikipedia.org/wiki/Joint_Test_Action_Group ]): ===
  
Commonly referred to as a "Chip-Off" technique within the industry - this is the last and most intrusive method to get a memory image is to desolder the non-volatile memory chip and connect it to a memory chip reader.  This method contains the potential danger of total data destruction: it is possible to destroy the chip and its content because of the heat and possible physical damage from desoldering.
+
Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.
  
 
=== Forensic Application ===
 
=== Forensic Application ===
  
Chip-Off forensics is an acquisition procedure which involves physically removing the NAND or flash IC from a device and reading it directly on an external NAND/Flash reader. It is considered a last-option technique, as repairing the phone to a working state post-IC removal, is quite difficult.
+
JTAG forensics is an acquisition procedure which involves connecting to the Standard Test Access Port (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. Jtagging supported phones can be an extremely effective technique to extract a full physical image from devices that cannot be acquired by other means.
  
 
== Tools and Equipment ==
 
== Tools and Equipment ==
Line 14: Line 14:
 
== Procedures ==
 
== Procedures ==
  
* [[Chip-Off BlackBerry Curve 9300]]
+
* [[JTAG HTC Wildfire S]]
* [[Chip-Off BlackBerry Curve 9315]]
+
* [[JTAG Huawei TracFone M865C]]
* [[Chip-Off BlackBerry Curve 9320]]
+
* [[JTAG Huawei TracFone H866C]]
* [[Chip-Off BlackBerry Bold 9780]]
+
* [[JTAG Huawei U8655]]
 +
* [[JTAG Huawei Y301-A1 Valiant]]
 +
* [[JTAG LG L45C TracFone]]
 +
* [[JTAG LG P930 (Nitro HD)]]
 +
* [[JTAG LG E960 (Nexus 4)]]
 +
* [[JTAG Samsung Galaxy Centura (SCH-S738C)]]
 +
* [[JTAG Samsung Galaxy S4 (SGH-I337)]]

Revision as of 18:35, 23 December 2013

Contents

Definition

From Wikipedia (http://en.wikipedia.org/wiki/Joint_Test_Action_Group ):

Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.

Forensic Application

JTAG forensics is an acquisition procedure which involves connecting to the Standard Test Access Port (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. Jtagging supported phones can be an extremely effective technique to extract a full physical image from devices that cannot be acquired by other means.

Tools and Equipment

Procedures