Mobile Forensics:Advanced Investigative Strategies
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

JTAG

JTAG forensics is an advanced acquisition procedure that uses test access ports standardized by the JTAG association. These ports, among other things, can be utilized to access raw data stored in the connected device. The acquisition process involves using existing solder points on the device's circuit board. By using specialized equipment and a matching device-specific JTAG cable, one can retrieve the flash memory contents (less the eMMC overprovisioned area, but including addressable unallocated space) from compatible devices. Notably, JTAG acquisition is often available even for locked, damaged, or otherwise inaccessible devices. JTAG acquisition is available for many Android devices, as well as some feature phones and Windows Phone 7 and 8 devices. JTAG is not available for recent BlackBerry 10 devices. It is not available for any Apple device either.

JTAG operates on a lower level compared to physical acquisition. This has its advantages and disadvantanges.

The following are the JTAG benefits:

  • It can acquire locked devices with an unknown PIN/passcode
  • Supports locked Android devices with USB Debugging turned off
  • Available for many Windows Phone models
  • Available for devices running proprietary operating systems (for example, Ubuntu Touch, Firefox OS, and so on)
  • Good chance of extracting the content of locked up, damaged, and broken devices
  • Extracts data from devices not supported by any forensic tools
  • Non-destructive, but invasive process

Major drawbacks of JTAG acquisition include the following:

  • Cannot overcome encryption (experts may or may not be able to decrypt extracted images)
  • Requires a high skill level and a good amount of expertise
  • Invasive process, requires disassembling the device
  • Labor-intensive
  • Relatively slow acquisition speed (compared to chip-off or ISP)
  • Only available for a limited number of devices with TAP ports
  • Different kinds of JTAG boxes may be required to fully support all manufacturers or models, which adds significant cost

JTAG forensics is a labor-intensive and time-consuming process requiring an expert to use a well-equipped lab. As such, forensic experts tend to try JTAG acquisition after other methods prove unsuccessful.

上一章目录下一章