Cellebrite Chip-Off Forensics Training (CCOF)



5 days
Expert-level course

Course Description

Cellebrite’s Chip-Off Forensics Training (CCOF) training is an advanced-level five-day course lead by Cellebrite Certified Instructors (CCIs). During this course, participants will learn about the chip-off process using a milling process, IR Heat and polishing through the board, flash memory in mobile devices (NAND/NOR, eMMC/eMCP, UFS), methodologies, and purpose as well as understand the equipment and accessories necessary for performing successful chip-off extractions.

A written test and practical is conducted at the end of the course, and students may use any of the three techniques learned to conduct the practical. Successful completion of the written test AND practical awards the participant the CCOF Certification.

Download CCOF Syllabus
Find a CCOF Class


Course Content

sidebar image 
Chip Off Methodology
  • Describe the basic chip-off process, and why it exists
  • Identify appropriate scenarios for the use of the chip-off technique
  • Discuss advantages and disadvantages
  • Summarize critical need-to-know elements of chip-off
  • Demonstrate Android device operating system version identification
  • Explore software installation procedures needed to complete the chip-off course and lab usage
sidebar image 
Flash Memory
  • Summarize the basic operations of NAND/NOR flash memory
  • Describe the flash memory function of Wear-Leveling and FTL
  • Use Cellebrite Physical Analyzer program to view Wear-Leveling artifacts captured in a mobile device extraction
  • Learn about eMMC/eMCP and UFS memory types
  • Discuss different types of mobile device memory
sidebar image 
Tools and Equipment
  • Describe the various tools needed for chip off/subtraction techniques
  • Summarize the purpose of chip off/subtraction techniques
sidebar image 
Research and Disassembly
  • Differentiate between the appropriate and inappropriate methodologies used to extract data from mobile devices
  • Explain how to locate the memory size and OS version for a mobile device
  • Demonstrate how to safely disassemble a device for the chip subtraction process
  • Demonstrate how to research a device to implement a chip subtraction
sidebar image 
Milling Chip Off
  • Explain when to use the milling subtraction chip-off process
  • Compare and contrast the benefits and risks of milling chip-off procedures
  • Describe the equipment and setup required to safely conduct milling
  • Demonstrate the steps required to successfully complete the milling process on a chip (Practical)
sidebar image 
Adapter Imaging
  • Describe how to identify and utilize the appropriate adapter to image a memory chip
  • Explain how to properly place a memory chip into an adapter
  • Demonstrate how to use various tools to create a raw physical memory image of the chip
  • Produce an image from a memory chip using Cellebrite forensic tools
  • Discuss how to use MacOS and Linux to image a chip
  • Recount basic troubleshooting steps in the chip imaging process
sidebar image 
Z3X Pro ISP and EMates Pro
  • Describe how to install the Z3X Pro software
  • Discuss the features and uses of the E-Mate Pro Kit
  • Demonstrate how to Image an exhibit using the Z3X Pro and E-Mate Pro kit (Practical)
sidebar image 
Polishing Removal
  • Summarize the Ultrapol setup and operation processes
  • Recount how to safely prepare an evidence device for polishing
  • Demonstrate the necessary steps to polish the board away from the flash memory chip (Practical)
  • Explain the process of using a stencil to apply solder.
sidebar image 
Dediprog NuProg-E Reader
  • Install and configure the Dediprog NuProg-E programmer
  • Describe which exhibits may be read using NuProg-E
  • Recount the hardware and software utilized to read the data from a UFS memory chip
sidebar image 
IR Heat Removal
  • Describe when heat may be an option
  • Discuss precautions to consider
  • Review equipment to use
  • Demonstrate proper techniques for using IR heat to remove a chip (Practical)
sidebar image 
Introduction to Physical Analyzer
  • Complete the configuration of Cellebrite Physical Analyzer program advanced setting
  • Explore data extractions from mobile devices using the Cellebrite Physical Analyzer software
  • Demonstrate viewing data in the Physical Analyzer interface
sidebar image 
Decoding
  • Describe the dynamics of the Plug-in Chain Manager
  • Relate and explore the capabilities Plug-in Chain Manager, including customization
  • Demonstrate the fully-automated and modified application of the Plug-in Chain Manager to enhance capabilities for content decoding
Last modified: Monday, February 6, 2023, 8:10 AM