San Francisco, California
London, United Kingdom
5-Day Advanced Smartphone Forensic Analysis
Developed and Taught by Eoghan Casey & Terrance Maguire
Conducting digital investigations of smartphones in the context of realistic scenarios, using specialized forensic methods and tools, guided by expert practitioners. "Hands-on learning using Cellebrite Physical Analyzer, Epilog SQLite Forensics, and Internet Evidence Finder Mobile Artifacts Module."
The usefulness of smartphones as a source of information in any investigation should never be underestimated, because they contain details about who was doing what, where and when. Smartphones are the new and improved personal computer, conveying communications and Internet access wherever we go, chronicling our private activities and geolocation details all the while. People and organizations are migrating rapidly to smartphones and other mobile devices, bringing with them an increasing quantity of digital evidence, sensitive information, and malicious attackers. These private, portable embedded systems create a substantial opportunity and challenge for forensic practitioners, and create security risks for organizations that have smartphones on their networks. Specialized methods and tools are required to extract and analyze data from smartphones, such as communications, multimedia, location information, and malware. Advanced Smartphone Forensic Analysis is crucial training for you to become an invaluable digital investigator equipped to exploit smartphones as a source of evidence and capable of responding to attacks against these devices.
- Extract more information from smartphones than any single forensic tool can provide, and recover deleted items that offenders thought were long gone
- Recover and reconstruct events relating to illegal or unauthorized activities, and provide your organization the capabilities to utilize evidence on smartphones
- Learn techniques and tools in the context of an overall forensic methodology, providing you with the ability to obtain and utilize digital evidence on smartphones and other mobile devices
In this training, learners are guided through investigative scenarios of increasing complexity in order to acquire the variety of technical and problem-solving skills in this domain, equipping practitioners with knowledge and skills they can use immediately in their work. In addition, by teaching lessons learned from years of experience, we will help you handle common challenges in the field. This learning environment also contains supporting resources, including instructional materials covering methods and tools, a course discussion forum for collaboration, and personal mentoring by experts in the field. Learners emerge from this experience with a solid knowledge of forensic methods and tools applied to Android smartphones, and will be equipped with the skills needed to utilize digital evidence from these devices in any investigation.
This intensive hands-on course delves deeply into smartphones as a source of digital evidence, enabling practitioners to extract and analyze a wide variety of information from the most common devices. Topics covered and skills you will learn include:
Day 1: Forensic Analysis of Smartphones, Flash Memory & SQLite Databases
Any type of investigation can involve a smartphone, ranging from a source of evidence in homicides and terrorist attacks, to targets of identity theft and cyberattacks. Sex offenders have videotaped their crimes. Many vice officers and courts consider mobile devices to be an integral part of drug trafficking and dealing. Data thieves are developing malware specifically targeting smartphones. Although compact, mobile devices can contain significant digital evidence including schedules, memos, address books, e-mail messages, passwords, credit card numbers, and other personal information. As with all other specialized areas of digital forensics, a strong fundamental understanding of the underlying technology and data structures is vital for forensic examiners and investigators.
- Digital evidence on smartphones and connected systems
- Smartphone investigation method
- Forensic value of Flash memory
- Forensic analysis of SIM cards
- Data encoding on smartphones
- Recovering deleted information in SQLite databases
- Strengths and weaknesses of smartphone forensic tools
Day 2: Forensic Analysis of Android devices and Apps
Digital investigators need to understand the inner workings of Android devices and how they store data in order to extract and interpret the information they contain. To accomplish this goal, take a deep dive into Android devices using specialized smartphone forensics tools such as Autopsy, Cellebrite and IEF. We delve into the file system layout on Android devices and discuss common areas containing files of evidentiary value. Traces of user activities on Android devices are covered as well as recovery of deleted SQLite records and media files. We also perform timeline and link analysis, and other forensic reconstruction using data recovered from smartphones.
- Android forensics common challenges
- Extracting and interpreting information from Android devices
- Cracking locked and encrypted Android devices
- Interpreting file systems on Android devices
- Forensic examination of Android apps
- Performing low-level forensic examination of data structures on Android devices
- Locating information that is not generally accessible to users
- Salvaging deleted data from Android devices
- Performing advanced media carving on Android devices
- Obtaining artifacts of user activities on Android devices
- Analyzing SQLite databases on Android devices & recovering deleted information
- Reconstructing events from multiple data sources associated with Android devices
Day 3: Forensic Analysis of iOS Devices and Apps
In order to extract and interpret the information on Apple mobile iOS devices, digital investigators need to understand their inner workings and how they store data. To accomplish this goal, we delve into the file system layout on iOS devices and discuss common areas containing files of evidentiary value. Encryption, decryption, backup file parsing, and traces of user activities are covered in detail.
- iOS forensics common challenges
- Extracting and interpreting information from iOS devices
- Interpreting file systems on iOS devices
- Performing low-level forensic examination of data structures on iOS devices
- Locating information that is not generally accessible to users
- Salvaging deleted data from iOS devices
- Obtaining artifacts of user activities on iOS devices
Day 4: Blackberry, Windows Phone & Capstone Investigative Scenario
Although Blackberry smartphones are well-designed to protect security and privacy, they can contain a variety of details about the user that can be useful in an investigation. In addition, given the increasing prevalence of Windows Phone/Mobile devices worldwide, it is important for forensic practitioners to understand how to locate and interpret useful information from these devices. Forensic analysts require a familiarity with interpreting and analyzing the information on Blackberry and Windows smartphones, and need to understand the limitations of existing methods for extracting data from these devices. We cover techniques and tools used for parsing common data structures on Blackberry and Windows devices, and for recovering any deleted items.
- Extracting and interpreting information from Blackberry and Windows devices
- Interpreting file systems on Blackberry and Windows devices
- Performing low-level forensic examination of data structures on Blackberry and Windows devices
- Salvaging deleted data from Blackberry and Windows devices
- Obtaining artifacts of user activities on Blackberry and Windows devices
- Applying what you learned to a final capstone investigative scenario.
Ultimately, Advanced Smartphone Forensic Analysis will help you answer fundamental investigative questions:
- Who used a smartphone?
- What did the user do on a smartphone?
- Who did the user communicate with using a smartphone?
- Where was the smartphone located at key times?
- What online activities were conducted using a smartphone?
- What information was deleted from a smartphone?
Orlando International Airport (MCO) (One hour driving time)
All payments must be received 7 days prior to start of the training class. Cancellations must occur 14 days prior to start of class or 50% of the training costs will be forfeited to recover losses.
NOTE: Classes are subject to cancellation if there are not at least 8 participants signed up for the class. If cancellation does occur, each participant will be notified at least two weeks prior to start of the class. Please hold off making any flights or hotel accommodations until two weeks prior to the class.
Digital Shield is NOT responsible for costs associated with cancellation of classes such as flight and hotel accommodations for participants. Cost of the training class would be reimbursed back to the participant 100%.
Point of Contact for the training –
Digital Shield, Incorporated
Digital Shield, Incorporated (DSI) is dedicated to assisting in the response, discovery, analysis, mitigation and tracking of cyber incidents as they occur within commercial and government entities. Digital Shield Security Professionals have extensive backgrounds in conducting forensic examinations, mobile device forensics, log analysis, network and physical security vulnerability assessments, and Certification and Accreditation requirements.
DSI Security Professionals are prior Law Enforcement Officers, both local and federal, prior military, and security engineers in large corporations. DSI Security Professionals also have extensive experience with international investigations and have assisted government and commercial entities in areas such as North America, South America, Asia, Africa, Europe and the Middle East. All DSI security professionals hold a Top Secret Clearance or higher.
- Computer Forensics / Network Forensics / Mobile Device Forensics
- Vulnerability / Security Assessments
- Cellebrite Ultimate Certification Courses
- Custom training courses based upon clients' needs