chip-off 2.0 forensics

Format:on-site
Język szkolenia:englisg
Cena:€3950

descrption

The five-day class provides students with the skills required to properly remove a BGA memory chip from a mobile device, prepare the memory for a read, and use chip-reading equipment to acquire the data.

Students will know the structure of devices and best practices to prevent damage to a chip during removal and preparation, the difference between memory structures – from mobile device, to tablet, to SSD hard drive – and how chip-off can be utilized to acquire data from a growing number of devices – the class enables examiners to get a handle on the growing trend of BGA memory use.

program

During: 5 days

Day 1:

• Chip-off Introduction

o When should one consider the Chip-off process
o Mobile Device Force Acquisition Continuum
o Supported devices
o Overview of real cases
o What you may encounter in Chip-off dumps

• Chip-off Heat Process

o Disassembly of the cell phone and considerations
o References and training for cell phone disassembly
o Heat/Non-Heat shield removal
o Removing chip Upper/Lower heat source
o Removing chips Lower heat source
o Removing chip T862
o When to and not to use these heat chip removal/cleaning processes
o Preparing the chip for Tinning or 2 Stage Reballing
o Tinning of BGA chips
o Review of videos of each process
Hands on Practical’s for Heat Removal/Cleaning/Tinning of chips

Day 2:

• Characteristics of Flash Memory

o Types of Chip you will encounter and what is to come
o What is Flash Memory
o How is the data stored in the memory
o Wear Levelling-Garbage Collection-FTL-Trim and their affects
o Transition through NOR-NAND-eMMC-eMCP-UFS
o Controller functions related to Flash Memory
o Quick look at SSD type storage

• UP828 & UP828P Programmers

o Getting to know the software/hardware interface
o Installation process
o What are the differences between UP828 and UP828P
o Adapters and how they work
o Importance of the Checksum Hash values
o Errors you will encounter and how to trouble shoot them
o Quick look at decoding to data

• 2 Stage Reballing of BGA Chips

o Tools and kit you will need
o Low heat solder paste
o Stage 1 reballing of the chip
o Overview of BGA Stencils
o Stage 2 reballing of the chip
o When and why to use each reballing stage
o Other options for Reballing
Hands on Practical’s for Heat Removal Process and Reballing

Day 3:

• Non-Heat Milling BGA Chips

o Overview of the process and video
o The right and wrong equipment for this process
o Process where milling is best used
o Pros and Cons of the Milling process
o Some training locations will feature a Milling machine for use
• Non-Heat Polishing Process
o Overview of the process
o Two reasons to use the Polishing Process
o Polishing surfaces – When and why to use them
o Polishing Fixtures – How to use them
o Adhesives – When to use what type
o Polishing epoxy only
o Polishing PCB with cut out chip
o Video review and discussion of each process
Hands on Practical’s for Heat and Non-Heat Processes

Day 4:

• Medusa eMMC Box

o Overview of the Medusa Pro Box
o Installation process
o ISP-eMMC Functions
• Alternative Reading Tools
o SD or USB eMMC type Adapters
o Advantages and when to use the eMMC SD adapters
o How to use them properly forensically
o E-Mate eMMC Pro kit
o Read through ISP Flasher Box
o Read through USB cable
o Bus Modes and how they can help
o In-System-programming direct solder to chip
o Other programmers for Mobile Phones
o Other programmers for Memory devices

• Package on Package

o Reviewing phones that use POP chipsets
o Why is POP used
o Removing POP chips
o Splitting POP style chips
o Review Videos of the processes
Hands on Practical’s for Heat/Non-Heat Processes and Package on Package chips

Day 5:

• Dediprog UFS Programmer

o A look at the UFS chips
o Understanding BGA95 and BGA153 differences
o Overview of the hardware and adapters
o Installation of the software
o LUN’s and other partitions in UFS style chips
o Looking at and reading the LUN’s and RPMB partitions
o Parsing out the recovered data
• Resources and DataSheets
o Resources to help you with your Chip-off adventures
o Reference material
o Decoding the number on the chips
o How to find out what adapter you need
o How to find out what chip you have
o What can you glean from the chip datasheets
o Best/Safe places to get Datasheets

• Certification Process

o Test phone provided to use any process from class
o Must provide instructor with bin dump and decoded data
o Successful students receive Teel Tech Chip-off 2.0 Certification

benefits

  • You will learn the fundamentals of memory structure.
  • You will know how to utilize the tools available to read the memory off the chip.
  • You will be able to properly remove a BGA Chip from a device.
  • You will know how to prepare the Chip to be read, acquire the data and decode them.

who is the
course for?

  • Service employees, policemen and persons with tasks related to computer forensics within the scope of their duties.
  • Sworn Law Enforcement.

requirements

For students bringing a laptop to class, please ensure they meet the following minimum requirements:• Windows 7
• Windows 8.x and 10.x using these instructions (turn off driver sig enforcement)
• macOS with Bootcamp Windows 7
• macOS with Bootcamp Windows 8.x and Win 10.x using these instructions
• macOS alone will not work (No Virtual Machines)
• 8GB RAM (minimum)
• 100GB storage (minimum)
• You must have Admin rights or have the admin password for software installation.
• NOTE: ALL Windows updates should be done prior to class.
Optional:

• Cellebrite P.A. Dongle
• Encase, FTK, X-Ways Dongle
• Access to a HEX editor
• External USB 3.0 Storage Device

Dariusz Hajka<br />
Key Account Manager
contact us:
Dariusz Hajka
Key Account Manager