All of the aforementioned techniques and available commercial tools are useful to any forensic examiner, like you, trying to get access to the data on an Android device; however, there could be situations where none of these techniques work. To obtain a complete physical image of the device, techniques such as chip-off and JTAG may be required when commercial and open source solutions fail. A short description of these techniques is included here.

While the chip-off technique removes the memory chip from a circuit and tries to read it, the JTAG technique involves probing the JTAG test access ports (TAPs) and soldering connectors to the JTAG ports in order to read data from the device memory. The chip-off technique is more destructive because, once the chip is removed from a device, it is difficult to restore the device to its original functional state. Also, expertise is needed to carefully remove the chip from the device by desoldering the chip from the circuit board. The heat required to remove the chip can also damage or destroy the data stored on that chip, which means that this technique should be used only when the data is not retrievable by open source or commercial tools or the device is damaged beyond repair. When using the JTAG technique, JTAG ports help you to access the memory chip to retrieve a physical image of the data without needing to remove the chip. To turn off screen lock on a device, you can identify where the lock code is stored in the physical memory dump, turn off the locking, and copy that data back to the device. Commercial tools, such as Cellebrite Physical Analyzer, can accept .bin files from chip-off and JTAG acquisitions and crack the lock code for you. Once the code is either manually removed or cracked, you can analyze the device using normal techniques.

In this section, we looked into various ways to bypass a screen lock on Android device. We will now learn what Android rooting is all about.