In-system programming (ISP) forensics is a non-destructive variation of chip-off acquisition. ISP is an advanced acquisition process that is in between JTAG and chip-off. During the acquisition process, examiners can attempt to dump the content of the eMMC memory without removing the chip. ISP acquisition is only available for devices utilizing eMMC or eMCP-style ball grid array (BGA) chips. Access to the memory is obtained through access points around the BGA chip. This acquisition process is considered non-destructive in that, if all stars align, the device can be reassembled and booted after the extraction.
eMMC ISP is used to create a binary image of the device, which can be acquired and analyzed with one of the many commercially-available forensic tools, such as UFED or Oxygen Forensic Suite.
ISP benefits include the following:
Standardized procedure for eMMC BGA chips
Considered non-destructive (device can be reassembled and booted afterwards)
Can acquire locked devices...