In this five-day course on JTAG forensics, students learn the skills required to successfully retrieve a physical acquisition from devices that are locked or not supported by commercial and other tools. Participants are provided with a comprehensive education in the non-destructive techniques to acquire data from JTAG connections – from device disassembly and reassembly, to soldering, to password retrieval and data recovery.

In our all-new JTAG class offerings for 2017, we provide more extensive education in the JTAG process, including expanded soldering education and better integration of forensic tools that are importing and decoding JTAG acquired data.


Why do we need JTAG? — JTAG helps us get into these phones

  • Locked Android cell phone with USB Debugging turned off
  • Locked Windows phones
  • Locked proprietary OS phones
  • Physical memory acquisition where tools don’t support this
  • Damaged or broken phones
  • Unsupported by the forensic tools

This comprehensive course enables investigators to learn and build on the required soldering skills and JTAG access options through practice and many practical exercises. Students leave class with a full skillset to continue on with JTAG back at the lab.

Course components

  • Disassemble and reassembly of equipment
  • Soldering skills are mastered in this training
  • Correct application of JTAG technology to access the physical memory
  • Production of a physical dump of a locked / disabled USB debugging Android phone, identification of the password and then restore user data by using your forensics tools
  • Recovery of physical memory from locked Windows or Proprietary OS phones
  • Advanced RIFF Box techniques are also addressed
  • The course provides a proper education in the disassembly and re-assembly of a functional cell phone (non destructive process), so that the JTAG connection can be completed using a JIG, Molex Connector or the soldering process

New Course Improvements

  • New Molex adapter connections – Some phone allow connection without soldering, these techniques are addressed
  • eMMC Reads – Working directly with eMMC partitions on live phones to save only the data you need
  • Identify the test access points (TAPs) using various techniques and tools
  • Utilizing Python scripts for recovering pattern/pin locks. Introductory information using open source scripts
  • Advanced HashCat processing for pattern/PIN password lock the new style Android OS phones
  • Implementation of JTAG support in Cellebrite to RAW – to decode dumps

In the class, students use today’s tools with features for assisting in analzying JTAG data, including UFED Physical Analyzer and IEF Forensics. Trial versions of each software are provided to students at class, along with the Riff Box and Molex connectors.

Laptop Minimum Requirements

We encourage students to bring their own laptops whenever possible. If this is not possible, please contact us in order to find a solution. If you do plan on bringing your own laptop, please ensure the meet the following requirements.

Laptop Minimum Requirements

  • Windows XP, Windows 7 32 or 64Bit
  • Win XP Mode in VM will function as well
  • MAC with Bootcamp Windows 7 32 or 64Bit (MAC only will not work)
  • 8GB RAM (minimum)
  • 100GB storage (minimum)
  • You must have Admin rights
  • NOTE: ALL Windows updates should be done prior to class
  • NOTE: Windows 8 will not work!


  • Cellebrite P.A. Dongle
  • Encase, FTK, X-Ways Dongle
  • Access to a HEX editor
  • External USB 3.0 Storage Device




Description TeelTech JTAG Mobile Forensics
Date 12. June 2017 – 16. June 2017
Place Zürich
Duration 5 days
Language English
Min. Participants 6
Max. Participants 12
Registrations 3
Price CHF 3950.00 excl. VAT

Important Information! Classes are not confirmed until 30 days prior to course start. Please do not consider an acknowledgement letter or invoice as confirmation that a class will definitely run. Please feel free to contact us to before making travel arrangements, to confirm the class is going forward. A confirmation notice will be issued when a class is confirmed, or a cancellation notice if it will not be held.

Overview Mobile Forensics Training

Description Date Place Registration
TeelTech JTAG 12.06.2017 – 16.06.2017 Zürich, Switzerland Open
TeelTech BGA Chip-off 19.06.2017 – 23.06.2017 Zürich, Switzerland Open
TeelTech In-System Programming (ISP) 26.06.2017 – 30.06.2017 Zürich, Switzerland Open

Mehr über unsere Trainings erfahren?