Essential Smartphone Forensics
Digital Forensic Training
This class is designed to provide an in-depth practical understanding of mobile device capabilities and components, as well as their file system and native application artifacts. Students will learn some simple repair techniques and utilize open-source tools to extract data from smartphones via hands-on exercises. Students will also learn techniques and strategies for using open-source tools to supplement and corroborate the results obtained with their mobile forensics tool(s) of choice. From evidence handling to testimony preparation, this class aims to give examiners the knowledge and skills they need to perform detailed forensic analyses and testify with confidence to their results.
In this course you’ll learn about:
- Device Hardware/Firmware/Software
- Extraction Types
- Simple Repairs (screen replacements, cable-connected components)
- Android and iOS Structures and Artifacts
- Forensic Tools and Open-Source Tools
- Application and Malware Analysis, Including App Emulation
- Using Python and SQLite with Forensic Tools
- Data Verification Considerations and Methods
- Courtroom Testimony
Course Information
- Course Code: AT-ESSMART
- Duration: 5 Days
- Laptop Required? Yes
- This class is open to all forensic professionals.
- *Please Note: Due to the sensitive nature of our curriculum, and industry, all potential students are subject to vetting prior to enrollment. We reserve the right to refuse registration to any person that does not meet our established criteria
- Device Types and Capabilities
- Evidence Handling Considerations
- Signal Blocking
- Device Components
- Tear-down hands-on exercises
- Non-solder repairs
- Screen replacement
- Cable-connected components (buttons, etc)
- OS Overview
- Android
- iOS
- Extraction Types (review)
- Logical
- File System/Backup
- Physical
- Hardware/Firmware Basics
- How to ID CPU, memory chip, etc.
- How to ID firmware/OS version info
- Extraction Considerations
- Hardware/Firmware issues
- OS-specific features
- Advanced Android extractions
- ADB/Command-line
- ODIN/Custom Recovery
- EDL
- Artifacts and OS Structures – what is stored on the device and how can it be recovered?
- Android
- Stock app data
- 3rd-party app data
- Cloud considerations
- iOS
- Stock app data
- 3rd-party app data
- Cloud considerations
- Android
- Intro to SQLite
- Hands-on exercises with test device data
-
- Android
- iOS
- Cloud data
-
Advanced Analysis (practical concepts and exercises)
- SQLite
- Python
- Hash sets
- App emulators
- Mobile device malware
- Resources
- Analysis strategies
- Data verification
- Overview
- Methods
- Resources
- Practical exercise
- Preparation/Presentation of results
- Trial prep considerations
- Moot court practice
Laptop Minimum Requirements
We encourage students to bring their own laptops whenever possible. If this is not possible, Teel Technologies Europe will provide one for you. If you are bringing your own laptop, please indicate it on the class registration form.
Below you will find our list of laptop requirements; please ensure the following requirements are met.
For instruction on How to Turn off Driver Signature Enforcement on Windows 8.x – 10.x, follow our easy 6 Step Guide.
Laptop Requirements
- Windows 7
- Windows 8.x and 10.x
- macOS with Bootcamp Windows 7
- macOS with Bootcamp Windows 8.x and Win 10.x
- macOS alone will not work (No Virtual Machines)
- 8GB RAM (minimum)
- 100GB storage (minimum)
- You must have admin rights or have the admin password for software installation.
- NOTE: ALL Windows updates should be done prior to class.