As of last spring, there were 237.72 million cell phone users in the United States alone. As smartphone technology expands, users are increasingly dropping landlines and using their personal cell phones as work phones. The cell phone becomes the central hub of their life, holding contact and appointment info, emails, texts, phone calls, social media access, and more. As such, these devices are often sources of crucial evidence in nearly all types of litigation. However, cell phone forensics presents unique challenges, particularly when it comes to recovering data from a locked or damaged phone.
Accessing Locked or Damaged Mobile Devices
There are times when standard forensic tools are unable to recover data from locked or broken mobile devices. In that event, there are two processes that can be employed as a last resort, known as “JTAG” and “chip-off.” These processes require a thorough understanding of circuit board and memory chip architectures in order to be performed correctly.
What is “JTAG”?
“JTAG” refers to a standard set of tools built into the circuit board of almost every mobile device which simplify device testing and quality control. The acronym stands for “Joint Test Action Group,” the industry group that originally defined these standard tools. A cell phone forensic examiner can piggyback off of these testing tools and directly access a device’s memory chip, bypassing the password and/or encryption.
What is “Chip-Off”?
The “chip-off” method involves physically removing a memory chip from the device’s circuit board and accessing it through a different chip-reading apparatus. However, this process is not reversible and renders the original device inoperable. Furthermore, the removal process is akin to performing brain surgery on a circuit board. It is a delicate process, even for the most experienced forensic examiner. Newer mobile devices are not designed to be disassembled, and it is possible to damage the memory chip during removal, rendering some or all of the data inaccessible.
Which Process Should I Choose?
If the device is operational but locked, JTAG should be the first choice. It allows you to bypass password and encryption schemes, generally without damaging the device. And if JTAG doesn’t work, you can still attempt the chip-off method. However, if the target device is damaged and non-operational, the chip-off process may be your only option. Since there is a risk of damage to the memory chip, it is important to select an experienced forensic examiner for this process.
Precise Discovery: Cell Phone Forensics You Can Rely On
The goal of both JTAG and chip-off is to retrieve a physical image of the memory chip on a specific mobile device. But this is only the beginning of the forensic examination. A mobile device forensics examiner must then use that image to reconstruct the data, conduct forensic analysis, and produce a comprehensive report. Precise’s expert staff will provide you with all the tools and information you need to make your case.