Adding JTAG Memory Dump Evidence
Posted by Jack H. Ward, Last modified by on 16 January 2017 10:09 AM

About JTAG Memory Dump Evidence

JTAG memory dump is a raw image of device physical memory created with the help of the RIFF Box (RIFF JTAG) hardware.

To investigate JTAG memory dump evidence, you need to have one of the following packages:

  • E3: Universal
  • E3: DS

You can perform text and hex searches in JTAG Memory Dump evidence and add bookmarks to it.

Adding JTAG Memory Dump Evidence

To add new JTAG Memory Dump evidence to a case:

  1. On the Evidence tab, in the Evidence group, click Add Evidence, right-click a case node and select Add New Evidence, or click Add Evidence on the Welcome screen. (If you add evidence before creating or opening a new case, the case will be created automatically and saved to the default location. The name of the case file will be case.e3).
  2. The Add New Evidence window opens.
  3. In the Category list, select Mobile Data. In the Source type list, select JTAG Memory Dump. Click OK.
  4. Navigate to the Evidence Source (a memory dump file) and select it.
  5. Enter the Evidence name (opened file name by default) and click OK
  6. The JTAG Memory Dump evidence is added to the case.
(0 vote(s))
Not helpful

Comments (0)