Chip-off

Chip-off refers to the acquisition of data directly from the memory chip present in the device. At this level, the chip is physically removed from the device and a chip reader or a second phone is used to extract data stored on it. This method is more technically challenging, as a wide variety of chip types are used in mobiles. The process is expensive and requires hardware-level knowledge as it involves the desoldering and heating of the memory chip. Training is required to successfully perform a chip-off extraction. Improper procedures may damage the memory chip and render all data unsalvageable. When possible, it is recommended that the other levels of extraction are attempted prior to chip-off, since this method is destructive in nature. Also, the information that comes out of memory is in a raw format and has to be parsed, decoded, and interpreted. The chip-off method is preferred in situations where it is important to preserve the state of memory exactly as it exists on the device. It is also the only option when a device is damaged but the memory chip is intact.

The chip on a device is often read using the Joint Test Action Group (JTAG) method. The JTAG method involves connecting to Test Access Ports (TAPs) on a device and forcing the processor to transfer the raw data stored on the memory chip. The JTAG method is generally used with devices that are operational but inaccessible using standard tools. Both of these techniques also work even when the device is screen-locked.