Our 5-day Essential Smartphone Forensics training is designed for Digital Forensic Investigators who have had some introduction to mobile forensics and would like to delve deeper OR anyone who’s encountered a situation where the tools they use are not getting them the data they need.
Want to run this event in-house? Enquire about running this event in-house
Interested in attending? Have a suggestion about running this event near you?
Register your interest now
Description
This class is designed to provide an in-depth practical understanding of mobile device capabilities and components, as well as their file system and native application artifacts. Students will learn some simple repair techniques and utilize open-source tools to extract data from smartphones via hands-on exercises. Students will also learn techniques and strategies for using open-source tools to supplement and corroborate the results obtained with their mobile forensics tool(s) of choice.
From evidence handling to testimony preparation, this class aims to give examiners the knowledge and skills they need to perform detailed forensic analyses and testify with confidence to their results.
In this course you’ll learn about:
- Device Hardware/Firmware/Software
- Extraction Types
- Simple Repairs (screen replacements, cable-connected components)
- Android and iOS Structures and Artifacts
- Forensic Tools and Open-Source Tools
- Application and Malware Analysis, Including App Emulation
- Using Python and SQLite with Forensic Tools
- Data Verification Considerations and Methods
- Courtroom Testimony
Prerequisites
This course is open to all digital forensic professionals.
Due to the sensitive nature of our curriculum, and industry, all potential students are subject to vetting prior to enrollment. We reserve the right to refuse registration to any person that does not meet our established criteria.
Course Itinerary
Day 1 Overview
- Device Types and Capabilities
- Evidence Handling Considerations
- Signal Blocking
- Device Components
- Tear-down hands-on exercises
- Non-solder repairs
- Screen replacement
- Cable-connected components (buttons, etc)
Day 2 Overview
- OS Overview
- Android
- iOS
- Extraction Types (review)
- Logical
- File System/Backup
- Physical
- Hardware/Firmware Basics
- How to ID CPU, memory chip, etc.
- How to ID firmware/OS version info
- Extraction Considerations
- Hardware/Firmware issues
- OS-specific features
- Advanced Android extractions
- ADB/Command-line
- ODIN/Custom Recovery
- EDL
Day 3 Overview
Artifacts and OS Structures – what is stored on the device and how can it be recovered?
- Android
- Stock app data
- 3rd-party app data
- Cloud considerations
- iOS
- Stock app data
- 3rd-party app data
- Cloud considerations
Intro to SQLite
Hands-on exercises with test device data
- Android
- iOS
- Cloud data
Day 4 Overview
Advanced Analysis (practical concepts and exercises)
- SQLite
- Python
- Hash sets
- App emulators
- Mobile device malware
- Resources
- Analysis strategies
Day 5 Overview
- Data verification
- Overview
- Methods
- Resources
- Practical exercise
- Preparation/Presentation of results
- Trial prep considerations
- Moot court practice
Evaluation Procedures:
All students receive a certificate of completion.
Included with Training
Essential Smartphone Forensics Toolkit
*Due to frequent updates and changes in equipment, actual training and class giveaways may change.
Laptop Requirements
- Windows PC with two (2) USB A ports.
- Windows OS
- macOS with Bootcamp Windows
- macOS alone will not work (No Virtual Machines)
- 8GB RAM (minimum)
- 100GB storage (minimum)
- You must have admin rights or have the admin password for software installation.
- NOTE: ALL Windows updates should be done prior to class.