XRY Advanced Acquisitions Course
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
Today I started my last course with XRY. This course covers JTAGing and Chip Off of cell phones. Basically this is the acquisition of a device when everything else has failed. The first day we did a quick refresher and then some test soldering. Next we broke open a few devices and worked on utilizing a RIFFbox to JTAG them and begin an acquisition. Thus far I have been really impressed with the training and the instructors' knowledge. Also, the company as a whole is very responsive.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Comments
-
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
Today was especially fun! First we removed the memory from a USB stick and placed it in a reader to perform a physical **** of the drive. From there we were tasked with looking up a phone we were given, locating the eMMC chip and removing it. This is a lot of work and I can see the chances of returning the phone to the owner after are slim. Each phone is different and I didn't know you can actually go onto the FCC website to get pictures of devices torn down. My instructor got some phones off of eBay for us to remove the chips from. Mine was an especially cheap model and took a bit of work to get the chip off. Even once I had it off I had to do a lot of cleaning on it (they used an epoxy that was preventing the contacts from connecting), but I did eventually get it. I performed a full physical and let's just say some pictures this lady deleted were most definitely still there (along with the text messages saying "delete this as soon as you get it"). Friday we work on getting the chip back onto the USB stick.
-
636-555-3226
Member Posts: 975 ■■■■■□□□□□
Details man, come on! Blonde, brunette, attractive, worth me buying more junker phones off of eBay? Sounds like it's time for me to start taking those forensics classes I keep putting off.....
-
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
LOL not going to comment on what I saw, but definitely a lot of interesting stuff out there. I would definitely buy some old phones off eBay just for the experience (especially if you'll be doing this for a living). Today was all about importing the images from a chip off into the forensic software for examination. We utilized a Linux live disc called Santoku to get the encryption keys and passcode for an Android device that was chipped off. Tomorrow will be on working with Android recovery mods.
Another note is the equipment isn't expensive per se, but adds up when you have to purchase all of it. It seems like a lot of $50 to $500 here and there. Adds up especially when you consider new phones are coming out constantly.
-
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
Yesterday we covered loading alternate ROMs to allow a backup of the phone. It was definitely nice to do it on a phone that I didn't have to worry about bricking. But the big thing is I believe I can do it with a phone I've been asked to perform an extraction on (very excited about that!).
The final day was about reballing the chips we took off of thumb drives and taking the test. Let's just say, it is extremely hard and if you are doing a chip off on a phone expect to not be giving it back to the owner in working condition. A large part of it is probably the more you do it the better you will become, but it is definitely a lot of work.
I am officially done all of my XRY training. My agency paid for me to attend every course they have except for one (incident responder). Phones are exploding on police departments and there aren't many of us available to perform forensics on them. I expect to be extremely busy for my career.