I would like to underline that the two things fall into two very different categories (IMHO).

The JTAG is essentially "software" and the "hardware side" of it is minimal, little less than being able to open the device is needed.

The chip-off is at the same time "hardware" AND "software", but the kind of experience/knowledge you need is more belonging to "hardware" (or at least this part is essential to avoid making a disaster).

What I mean is that if I had to hire two guys (with no specific experience with JTAG or chip-off) I would choose them preferably:

• for the JTAG someone with previous programming experience
• for the chip-off someone with some previous experience as an electronics repairman

And yes I do know quite a few brilliant and experienced, capable electronic engineers, with a higher level of education, that simply don't know which side of a soldering iron is the handle (and this DOES make a difference when it is on ).

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

There are different problems with each, in my experience.

With JTAG/SPI/I2C, finding the test points is the hardest part. Minor headache is interpreting the resulting data dumps.

With chip-off the concern are untangling the "translation" layers and sometimes encryption of the dump, minor problem is getting the pin-out for unknown chips.

But, no disagreement with you or Bob.

By the way, I almost made it to your class in DE, Bob, but I think my boss just nixed it  

So i can use a J-TAG box to take a dump of a locked phone and then use Xtract (XRY) to interpret the results and find out the code? what other useful things i can extract from the dump?  

You can recover deleted items as you will have a physical acquisition of the flash memory. Some tools like Cellebrite P.A. and XRY Complete will parse out the password, you can also use the CCL Forensics Python scripts to get them. Some of the JTAG tools will put the physical dump into a logical file system for you and you can export out the SQLite Databases for pretty much anything and recover data form call logs, text messages, contact, user data from applications, phone setting, gps and other location type data, and much much more..... (-: I sound like a commercial (-: As you have a physical dump, the items you can recover are endless. More so with Chipoff and it goes a bit deeper and the Pare Area is in place to allow Cellebrite P.A. and XRY Complete to rebuilt the logical file system on supported phones. Getting the deleted data form the physical dump can take some time, you need to use techniques to find the data and then decode it at the HEX Level to get date and time stamps, attributes, details (eg. incoming, outgoing, dialed, missed etc.) and other information related to the artifact you have found, again time consuming be very rewarding......