Updates (last updated 12/19/2014)
Apple iPhone 6 / 6 Plus and Earlier Devices Running the iOS 8 Operating System
Secured Apple devices running version 8.x of the iOS operating system (OS) require specific handling in order to maximize the ability to acquire data from them. Follow these steps to maximize analysis capabilities:
- Ensure the device stays powered on and is sufficiently charged – DO NOT ALLOW THE DEVICE TO REBOOT
- Shield the device from communication networks by putting the device into Airplane Mode, removing the SIM card, and/or placing it in a shielded enclosure
- Identify and submit for examination a computer system to which the device may have been connected
JTAG and Chip-Off Data Acquisition Services
The DME Section is now offering JTAG and Chip-Off data acquisition services for candidate devices that have limited support from more common hardware/software solutions. Apple devices are not supported.
- JTAG (Joint Test Action Group) is a non-destructive process that involves connecting to a specific combination of Test Access Ports (TAPs) on a device’s circuit board and instructing the processor to transfer the raw data stored on connected memory chips.
- Chip-Off is a destructive process that involves physically removing the memory chip(s) from a device’s circuit board and reading them on an external reader.
For both options, the memory dump that is obtained can then be analyzed to identify any areas of interest. Examples of where JTAG or Chip-Off may be applied include:
- Non-bypassable security measures, such as a PIN code, password, passphrase, or pattern lock
- Non-functional (e.g., damaged) devices that cannot be repaired
- Prepaid (“burner”) cellular phones with vendor-disabled data ports