±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 35628
New Yesterday: 2 Visitors: 137

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

ISP Extraction - Worth Training For?

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2  Next 
  

the_Grinch
Senior Member
 

ISP Extraction - Worth Training For?

Post Posted: Feb 25, 19 16:29

Saw a couple emails for classes in ISP extractions and was wondering if it's worth doing? I've been trained in chip-off and didn't know if there were any advantages to being trained in ISP (other than not destroying the device in the process of a chip-off)? Also, are people doing a lot of ISP extractions?  
 
  

jaclaz
Senior Member
 

Re: ISP Extraction - Worth Training For?

Post Posted: Feb 25, 19 18:44

Only for the record (boy do I hate unexpanded/unexplained acronyms):

What is ISP?

ISP “In-System Programming” applied to forensics, is the practice of connecting to an eMMC or eMCP flash memory chip for the purpose of downloading a device’s complete memory contents. eMMC and eMCP memory are the standard in today’s smartphones, and the ISP practice enables examiners to directly recover the complete data without removing the chip and destroying the device.

ISP benefits the examiner who faces the challenges of tightening budgets, yet wants to expand their expertise in retrieving evidence from locked smartphones. A cost-effective technique, ISP provides examiners with the same results of a chip-off at a lower price-point.

And just like with JTAG and Chip-Off, your agency can still use its current line-up of forensic analysis software to recover that ’smoking gun’ piece of evidence. No need to purchase additional analysis software.


Courtesy of teeltech:
www.teeltech.com/mobil...forensics/
which BTW offers a 5 days course (reserved to LEO only) for a mere US$ 3,950.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

passcodeunlock
Senior Member
 

Re: ISP Extraction - Worth Training For?

Post Posted: Feb 26, 19 11:37

Starting with Android 7.x, chip-off, JTAG and ISP won't get you other then a dump of the chip with encrypted userdata partition.

For most of the people this is a dead-end, but in reality a physical dump is very useful, even if the userdata partition is encrypted Smile
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

jaclaz
Senior Member
 

Re: ISP Extraction - Worth Training For?

Post Posted: Feb 26, 19 15:14

- passcodeunlock

For most of the people this is a dead-end, but in reality a physical dump is very useful, even if the userdata partition is encrypted Smile

Care to share with us some examples of such usefulness? Question

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

the_Grinch
Senior Member
 

Re: ISP Extraction - Worth Training For?

Post Posted: Feb 26, 19 15:24

My thought is, passcodeunlock would know best, if you get a physical of the device and can get the encryption keys from TEE you could then run a bruteforce against the image you have?  
 
  

jaclaz
Senior Member
 

Re: ISP Extraction - Worth Training For?

Post Posted: Feb 26, 19 17:34

- the_Grinch
My thought is, passcodeunlock would know best, if you get a physical of the device and can get the encryption keys from TEE you could then run a bruteforce against the image you have?

Oh, noes Rolling Eyes .
en.wikipedia.org/wiki/Tee

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

passcodeunlock
Senior Member
 

Re: ISP Extraction - Worth Training For?

Post Posted: Feb 26, 19 18:13

the_Grinch is right, in certain situations the encryption keys can be found and used to decrypt the userdata partition.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 

Page 1 of 2
Page 1, 2  Next