JTAG Physical Extraction

JTAG (Joint Test Action Group) forensics is an advanced level data acquisition method that involves connecting to Test Access Ports (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips.

JTAG involves the disassembly of a mobile phone and the connection to test points or components on the motherboard to read data from the handset. The connection can be made using specialist adapters, micro-soldering wires or a combination of the two. Wires can be de-soldered after data extraction to return the handset to its prior state. Data can be extracted from handsets unsupported by forensic software along with PIN, pattern or password-protected phones.

This procedure may result in damage to or destruction of the phone.
JTAG is appropriate when commercial forensic extraction options cannot acquire a physical image or when a device is logically damaged or “bricked”. The majority of JTAG engagements involve Android phones which are pattern locked and cannot be bypassed by other means.