Essential Smartphone Forensics

Our 5-day Essential Smartphone Forensics training is designed for Digital Forensic Investigators who have had some introduction to mobile forensics and would like to delve deeper, or for anyone who has encountered a situation where the tools they use are not getting them the data they need.

Description


This class is designed to provide an in-depth practical understanding of mobile device capabilities and components, as well as their file system and native application artifacts. Students will learn some simple repair techniques and utilize open-source tools to extract data from smartphones via hands-on exercises. Students will also learn techniques and strategies for using open-source tools to supplement and corroborate the results obtained with their mobile forensics tool(s) of choice.

From evidence handling to testimony preparation, this class aims to give examiners the knowledge and skills they need to perform detailed forensic analyses and testify with confidence to their results.

In this course you’ll learn about:

  • Device Hardware/Firmware/Software
  • Extraction Types
  • Simple Repairs (screen replacements, cable-connected components)
  • Android and iOS Structures and Artifacts
  • Forensic Tools and Open-Source Tools
  • Application and Malware Analysis, Including App Emulation
  • Using Python and SQLite with Forensic Tools
  • Data Verification Considerations and Methods
  • Courtroom Testimony

Prerequisites

This course is open to all digital forensic professionals.

Due to the sensitive nature of our curriculum and industry, all potential students are subject to vetting prior to enrollment. We reserve the right to refuse registration to any person who does not meet our established criteria.

Course Itinerary


Day 1 Overview

  • Device Types and Capabilities
  • Evidence Handling Considerations
  • Signal Blocking
  • Device Components
  • Tear-down hands-on exercises
  • Non-solder repairs
    • Screen replacement
    • Cable-connected components (buttons, etc)

Day 2 Overview

  • OS Overview
    • Android
    • iOS
  • Extraction Types (review)
    • Logical
    • File System/Backup
    • Physical
  • Hardware/Firmware Basics
    • How to ID CPU, memory chip, etc.
    • How to ID firmware/OS version info
  • Extraction Considerations
    • Hardware/Firmware issues
    • OS-specific features
  • Advanced Android extractions
    • ADB/Command-line
    • ODIN/Custom Recovery
    • EDL

Day 3 Overview

Artifacts and OS Structures – what is stored on the device and how can it be recovered?

  • Android
    • Stock app data
    • 3rd-party app data
    • Cloud considerations
  • iOS
    • Stock app data
    • 3rd-party app data
    • Cloud considerations

Intro to SQLite

Hands-on exercises with test device data

  • Android
  • iOS
  • Cloud data

Day 4 Overview

Advanced Analysis (practical concepts and exercises)

  • SQLite
  • Python
  • Hash sets
  • App emulators
  • Mobile device malware
    • Resources
    • Analysis strategies

Day 5 Overview

  • Data verification
    • Overview
    • Methods
    • Resources
  • Practical exercise
    • Preparation/Presentation of results
    • Trial prep considerations
    • Moot court practice

Evaluation Procedures:

All students receive a certificate of completion.

Included with Training


Essential Smartphone Forensics Toolkit

*Due to frequent updates and changes in equipment, actual training and class giveaways may change.

Laptop Requirements


Digital Forensics Google Group

  • Windows PC with two (2) USB A ports.
  • Windows OS
  • macOS with Bootcamp Windows
  • macOS alone will not work (No Virtual Machines)
  • 8GB RAM (minimum)
  • 100GB storage (minimum)
  • You must have admin rights or have the admin password for software installation.
  • NOTE: ALL Windows updates should be done prior to class.

Similar courses

This in-depth 5-day training course will provide students with an elevated understanding of advanced techniques for acquiring and decoding data recovered from vehicle infotainment and navigation systems, as well as other electronic control units, using advanced data recovery and decoding techniques like Chip-off and ISP.

Dive Into The World of Embedded Hardware Forensics! The Teel Technologies 5-day Embedded Hardware Acquisition & Analysis Forensic Training will focus on processes that examiners can use to access digital data at the logical and physical levels from sources that include IoT, Smart TVs, Vehicle Systems, Skimmers/Shimmers, and almost every other device that utilizes a main board, controller chip and some form of flash memory.

This course was developed with the ever-changing field of digital forensics in mind. No longer can we rely on just commercial tools and automated processes. Now more than ever, it is important to be able to diagnose inoperable devices and perform device repairs at the board level so we can obtain our data extractions.

In this 5-day class, participants will gain an in-depth understanding of today’s most useful and effective Flasher Boxes and Bootloader utilities to unlock and acquire mobile device memory. Applicable to devices ranging from high-end Android devices, such as Samsung and similar, down to low-end devices from manufacturers such as BLU and others that use low-cost MediaTek and Chinese chipsets, these tools and techniques enable examiners to expand their options when addressing such devices.

In the Teel Technologies 5-Day JTAG 2.0 Forensics course, students learn the latest techniques for accessing mobile devices using the JTAG technique for data recovery and device unlocking; the latest about today’s memory, and where JTAG is useful for data recovery from mobile phones and other devices.