5-day Essential Smartphone Forensics

TeelTech New 5-day Essential Smartphone Forensics training is designed for Digital Forensic Investigators who have had some introduction to mobile forensics and would like to delve deeper OR anyone who’s encountered a situation where the tools they use are not getting them the data they need.

This class is designed to provide an in-depth practical understanding of mobile device capabilities and components, as well as their file system and native application artifacts. Students will learn some simple repair techniques and utilize open-source tools to extract data from smartphones via hands-on exercises. Students will also learn techniques and strategies for using open-source tools to supplement and corroborate the results obtained with their mobile forensics tool(s) of choice. From evidence handling to testimony preparation, this class aims to give examiners the knowledge and skills they need to perform detailed forensic analyses and testify with confidence to their results.


In this course you’ll learn about:

  • Device Hardware/Firmware/Software
  • Extraction Types
  • Simple Repairs (screen replacements, cable-connected components)
  • Android and iOS Structures and Artifacts
  • Forensic Tools and Open-Source Tools
  • Application and Malware Analysis, Including App Emulation
  • Using Python and SQLite with Forensic Tools
  • Data Verification Considerations and Methods
  • Courtroom Testimony

The newly designed course incorporates the new Teel Tech JTAG Forensic Certification “TJFC” test, as an option for students. All students receive a Certificate of Attendance, and those who pass the practical examination successfully will earn their TJFC.

FREE! Students receive with training:

  • 1 complimentary RIFF Box 2.0 Kit
  • 1 complimentary JPIN JTAG Molex Flex Kit
  • UFED Physical Analyzer Trial License
  • Magnet Internet Evidence Finder (IEF) Trial License

Why Do We Need JTAG?

JTAG can help us get into these phones:

  • Locked Android cell phones with USB Debugging turned off.
  • Locked Windows phones.
  • Locked proprietary OS phones.
  • Physical memory acquisition when commercial tools come do not
  • Damaged or broken phones.

What Will I Learn?

Course Essential Components
  • Disassembly and assembly of devices.
  • Extensive soldering lessons, as well as using Molex Adapters.
  • Identify the test access points (TAPs) using various means, as well as the supplied Z3X Box
  • eMMC Reads – Working directly with eMMC partitions on live phones to save only the data you need.
  • Production of a physical dump of a locked / disabled USB Android phone, identification of the password and then restore user data by using your forensics tools.
  • Utilizing Python scripts for recovering pattern/pin locks. Introductory information using open source scripts.
  • Learn how to use commercial tools with JTAG dumps, such as UFED PA, Magnet IEF, Oxygen Detective
  • Students are provided with multiple devices to perform JTAG examinations.
  • All students receive Certificate of Participation
  • Students Receive the complimentary TeelTech JTAG RIFF Kit (see page 2), as well as UFED PA, Magnet IEF, Belkasoft and Oxygen demo licenses.
  • Final Practical Exam to Earn the Teel JTAG Forensic Certification “TJFC” consists of a fully assembled locked device that students disassemble, perform the JTAG acquisition to acquire the raw data, and retrieve pattern lock. Students reassemble device, power up and unlock the device with acquired pattern lock code.
Additional Components
  1. New Molex adapter connections – Some phones allow connection without soldering, these techniques are addressed.
  2. eMMC Reads – Working directly with eMMC partitions on live phones to save only the data you need.
  3. Identify the test access points (TAPs) using various techniques and tools.
  4. Utilizing Python scripts for recovering pattern/pin locks. Introductory information using open source scripts.
  5. Advanced HashCat processing for pattern/PIN password lock the new style Android OS phones.
  6. Implementation of JTAG support in Cellebrite to RAW – to decode dumps.

Teel Tech JTAG Chip-off Student Training 2In the class, students use today’s tools with features for assisting in analzying JTAG data, including UFED Physical Analyzer and IEF Forensics. Trial versions of each software are provided to students at class, along with the Riff Box and Molex connectors.

New Class Add-ons
  • New probing processes
  • Password recovery on newer devices
  • New soldering processes
  • Students learn on Z3X box, in addition to Riff
  • Information on new equipment

Laptop Minimum Requirements

We encourage students to bring their own laptops whenever possible. If this is not possible, please contact us in order to find a solution. If you do plan on bringing your own laptop, please ensure the meet the following requirements.

Laptop Minimum Requirements

  • Windows 7
  • Windows 8.x and 10.x using these instructions (turn off driver sig enforcement)
  • macOS with Bootcamp Windows 7
  • macOS with Bootcamp Windows 8.x and Win 10.x using these instructions
  • macOS alone will not work (No Virtual Machines)
  • 8GB RAM (minimum)
  • 100GB storage (minimum)
  • You must have Admin rights or have the admin password for software installation.
  • NOTE: ALL Windows updates should be done prior to class


  • Cellebrite P.A. Dongle
  • Encase, FTK, X-Ways Dongle
  • Access to a HEX editor
  • External USB 3.0 Storage Device




Description TeelTech JTAG 2.0 Mobile Forensics
Date 10.06.2019 – 14.06.2019
Place Zürich
Duration 5 days
Language English
Min. Participants 6
Max. Participants 12
Price CHF 3950.00 excl. VAT

Important Information! Classes are not confirmed until 30 days prior to course start. Please do not consider an acknowledgement letter or invoice as confirmation that a class will definitely run. Please feel free to contact us to before making travel arrangements, to confirm the class is going forward. A confirmation notice will be issued when a class is confirmed, or a cancellation notice if it will not be held.

Overview Mobile Forensics Training

Description Date Place Registration
TeelTech In-System Programming (ISP) 17.06.2019 – 21.06.2019 Zürich, Switzerland Closed
TeelTech CHIP-OFF 2.0 Forensics 24.06.2019 – 28.06.2019 Zürich, Switzerland Closed
TeelTech SQLite Forensics 08.07.2019 – 10.07.2019 Zürich, Switzerland Closed
TeelTech Advanced BootLoader/Flasherbox 01.07.2019 – 05.07.2019 Zürich, Switzerland Closed
TeelTech JTAG 2.0 Forensics 10.06.2019 – 14.06.2019 Zürich, Switzerland Closed

Mehr über unsere Trainings erfahren?