RSS Feed

New training tackles Android locks and encryption

September 27th, 2017

We’re extending our range of mobile forensic training in 2018 with a brand new 4½ day Defeating Android Locks & Encryption course. This advanced level course is designed to give delegates the knowledge and tools to gain access to data on locked and encrypted Android devices.

The course is aimed at teaching delegates advanced “bootloader” techniques (using TWRP and Odin) for bypassing device locks and encryption on current Android devices. The training is heavily “hands-on” with an emphasis on current Samsung devices; delegates will learn how to safely root devices such that physical extractions can be performed and vital evidence recovered.

As well as these advanced acquisition methods, delegates will learn how to develop an in-house password cracking capability using dedicated multi-GPU hardware and intelligent password cracking strategies. Delegates will gains hands-on experience cracking Android PINs, passwords and Full Disk Encryption (FDE).

Our first course runs 26 February  - 2 March 2018 at Wyboston Lakes, Bedfordshire, UK. Get in touch to check availability.

Hex analysis training is back on the menu

September 27th, 2017

We’re delighted to announce the launch of a new 3-day hex analysis training course for mobile device examiners, Demystifying Hex Data. This intermediate level course will explain hex data in simple terms and give existing mobile forensic examiners a true understanding of the data recovered and decoded by forensic software tools. Delegates will leave the course confident in navigating and carving data using a hex editor, and capable of recovering and presenting evidence which commercial forensic tools may have missed.

The course not only covers text encodings (including ASCII and Unicode), regular expressions and Endian-ness but crucially shows delegates how these concepts have practical application in tasks such as finding and then repairing unplayable 3GP/MP4 video files.

Our first scheduled course runs 29-31 January 2018 at Wyboston Lakes, Bedfordshire (UK). Get in touch to check availability.

Over 100 ‘direct eMMC’ pinout schematics on emmcpinouts.com

April 24th, 2017

Direct eMMC is a technique for securing a physical extraction of a wide variety of mobile devices including Android and Windows handsets and tablets, satnavs and even some Chromebooks. The technique involves connecting to specific points on the circuit board of the phone which are typically documented on a pinout diagram. Locating a reliable pinout diagram for the device is key to success and efficiency with the technique which is why Control-F launched emmcpinouts.com in collaboration with FoneFunShop.

emmcpinouts.com currently hosts clear and (most importantly) tested pinout diagrams for over 110 devices and it is regularly updated as we trace new devices. We’re always keen to hear about devices that you would like to see pinouts for.

Annual subscriptions offering unlimited access to the site are only 280GBP + VAT but browse the site today for free to see which devices are represented.

Get in touch if you’d like to find out how direct eMMC could help your department or how to get access to emmcpinouts.com

Samsung Galaxy S6 chip-off

April 24th, 2017

Samsung introduced UFS flash memory with the Samsung Galaxy S6 on account of it’s faster read/write speeds compared with eMMC chips. Samsung uses UFS in the S7 and will in the S8, and the technology is being adopted in flagship devices from other manufacturers. Performing chip-off on UFS flash memory is possible but requires specific equipment and variations on standard techniques.

Our 4½ Flash Memory Chip Removal training course teaches students how to safely remove and recover evidence from eMMC, UFS and proprietary flash memory chip formats. The techniques are ideally suited to locked, damaged or unsupported devices where no other practical option exists for extracting data. Students will get hands-on experience of performing chip-off on a Samsung Galaxy S6.

Here’s what delegates on our March 2017 course had to say:

  • “Probably the most I’ve learnt on any course I’ve been on.  Good group and good trainers and good learning material”
  • “Very professional and enthusiastic trainers who are a credit to the company.  I would have no hesitation in recommending this course or any other Control-F courses”

Get in touch to check availability on our next course.

Understanding Write Ahead Logging in SQLite

April 24th, 2017

Write Ahead Logging (WAL) is a mechanism used by SQLite databases to manage pending changes to their contents; such pending changes are stored initially in files with the suffix -wal. WAL files represent a potential source of key evidence as they can contain app data (e.g. messages, browser history etc.) which is not live within the main database file and therefore may be missed by some forensic software tools. Understanding WAL files and how to recover evidence from them is a key part of investigating pre-installed and 3rd party apps.

In our 4½ day Smartphone App Forensics course we teach delegates techniques for preserving the contents of WAL files and ensuring that those contents can be viewed, interpreted and presented in evidence. Get in touch to check availability on our next course.