Mobile devices are among the most ubiquitous electronic communications devices, certainly the fastest growing, and the most frequently encountered. They are encountered at most crime scenes and should be considered when defining the scope of search warrants that include digital evidence. A great potential exists for encountering valuable evidence on these mobile devices.
The JTAG Chip Off for Smartphones Training Program (JCSTP) provides advanced forensic techniques for the acquisition and analysis of mobile devices when conventional tools (e.g. Cellebrite, XRY, Oxygen, etc.) fail to acquire the data.
Joint Test Action Group (JTAG) forensics is an acquisition procedure, which involves connection to the Standard Test Access Ports (TAPs) on a device, and instructing the processor to transfer the raw data stored on the connected memory chips (IC). Jtagging supported devices can be an extremely effective technique to extract a full physical image from devices that cannot be acquired by other means.
In-System Programming (ISP) is the practice of connecting to an eMMC or eMCP flash memory chip for the purpose of downloading a device’s complete memory contents. eMMC and eMCP memory are the standard in today’s smartphones, and the ISP practice enables examiners to directly recover the complete data without removing the chip and destroying the device.
Chip-off forensics is an advanced digital data extraction and analysis technique which involves physically removing flash memory chips (IC) from a subject device and then acquiring the raw data using specialized equipment.
Attendees for this program should be experienced mobile device examiners with a fundamental knowledge of forensic procedures and the completion of FLETC’s Mobile Device Investigation Program (MDIP) or equivalent. Successful completion of a practical exercise is required (substantial after hours work may be necessary) for completion of this program. Students must attend each block of instruction and satisfactorily complete all labs and practical exercises of the program in order to receive a Certificate of Training.
The tuition includes state-of-the-art hardware and software, which is issued to each student (which become the property of the student’s agency upon course completion) and will be demonstrated and used during class. The goal of the program is to provide the hardware, software and training to enable the graduate to examine digital evidence immediately upon return to their office. Included in the tuition are these tools, software and ancillary equipment necessary to perform tasks associated with this program.
Applicant must be a law enforcement officer/agent with arrest authority in the prevention, detection, apprehension, detention and/or investigation of felony and/or misdemeanor violations of federal, state, local, tribal, or military criminal laws. Direct Law Enforcement Support Personnel (DLESP); or employees of a federal, state, local, tribal or international agency who perform functions directly related to a law enforcement or Department of Homeland Security (DHS) mission but do not necessarily have the authority to carry and use firearms, make arrests and/or conduct searches with or without a warrant. This category of personnel may also include military personnel preparing for deployment. Applicant must have successfully completed the Mobile Device Investigations Program (MDIP) or equivalent. For MDIP prerequisite waiver information, please contact the point of contact listed.
Required Training Materials
- JTAG/Chipoff for Smartphones Training Program (JCSTP)
- Cellular Forensics Software
- Equipment Maintenance & Inventory
- Computer Encryption/Decryption
Program Contact Info
Glynco: (912) 267-2485