Essential Smartphone Forensics

Our new 5-day Essential Smartphone Forensics training is designed for Digital Forensic Investigators who have had some introduction to mobile forensics and would like to delve deeper OR anyone who’s encountered a situation where the tools they use are not getting them the data they need.

This class is designed to provide an in-depth practical understanding of mobile device capabilities and components, as well as their file system and native application artifacts. Students will learn some simple repair techniques and utilize open-source tools to extract data from smartphones via hands-on exercises. Students will also learn techniques and strategies for using open-source tools to supplement and corroborate the results obtained with their mobile forensics tool(s) of choice.

From evidence handling to testimony preparation, this class aims to give examiners the knowledge and skills they need to perform detailed forensic analyses and testify with confidence to their results.

Course Outline


Day 1

  • Device Types and Capabilities
  • Evidence Handling Considerations
  • Signal Blocking
  • Device Components
  • Tear-down hands-on exercises
  • Non-solder repairs
    • Screen replacement
    • Cable-connected components (buttons, etc)

 

Day 2

  • OS Overview
    • Android
    • iOS
  • Extraction Types (review)
    • Logical
    • File System/Backup
    • Physical
  • Hardware/Firmware Basics
    • How to ID CPU, memory chip, etc.
    • How to ID firmware/OS version info
  • Extraction Considerations
    • Hardware/Firmware issues
    • OS-specific features
  • Advanced Android extractions
    • ADB/Command-line
    • ODIN/Custom Recovery
    • EDL

Day 3


Artifacts and OS Structures – what is stored on the device and how can it be recovered?

  • Android
    • Stock app data
    • 3rd-party app data
    • Cloud considerations
  • iOS
    • Stock app data
    • 3rd-party app data
    • Cloud considerations

Intro to SQLite

Hands-on exercises with test device data

  • Android
  • iOS
  • Cloud data

Day 4


Advanced Analysis (practical concepts and exercises)

  • SQLite
  • Python
  • Hash sets
  • App emulators
  • Mobile device malware
    • Resources
    • Analysis strategies

 

Day 5

  • Data verification
  • Overview
  • Methods
  • Resources
  • Practical exercise
    • Preparation/Presentation of results
    • Trial prep considerations
    • Moot court practice

 

In this course you’ll learn about:

  • Device Hardware/Firmware/Software
  • Extraction Types
  • Simple Repairs (screen replacements, cable-connected components)
  • Android and iOS Structures and Artifacts
  • Forensic Tools and Open-Source Tools
  • Application and Malware Analysis, Including App Emulation
  • Using Python and SQLite with Forensic Tools
  • Data Verification Considerations and Methods
  • Courtroom Testimony



Laptop Requirements:

  • Windows 7
  • macOS with Bootcamp Windows
  • macOS alone will not work (No Virtual Machines)
  • 8GB RAM (minimum)
  • 100GB storage (minimum)
  • You must have admin rights or have the admin password for software installation.
  • NOTE: ALL Windows updates should be done prior to class