Advanced Smartphone & Tablet Acquisition

4½ days


The explosion in smartphone and tablet device ownership over recent years has been a mixed blessing for digital forensic units. On the one hand, iOS and Android devices can provide a wealth of information about the owner’s communication, associates and whereabouts; but at the same time the built-in security mechanisms provided by such devices often present a significant challenge.

Course aims

Recovering data from smartphone and tablet devices requires experience in a wide range of tools and techniques in order to deal with active PINs and passwords and to ensure that the extraction has recovered vital app data. As increasing numbers of Android apps exclude themselves from the backup mechanisms used by commercial forensic tools, so mobile forensic examiners need to be able to assess the completeness of extractions and take necessary steps to recover “missing” data.

Advanced Smartphone & Tablet Acquisition is a 4½ day course designed to teach students how to bypass locks on Android, iOS and Windows Phone devices and then ensure maximum evidence recovery. Students will learn how to identify and recover evidence from PC backups of iOS devices and use the Google Android SDK to create backups of any Android device. Students gain hands-on experience of safely jailbreaking iPhone and iPad devices such that full filesystem extractions (including email) can be performed.

What you will learn

By the end of the course, students will be able to:

  • Bypass security mechanisms on iOS & Android devices
  • Use ADB commands to connect to and recover data from Android devices
  • Recover evidence from PC backups of iOS & Android devices
  • Crack Android patterns, PINs and passwords from physical extractions of locked devices
  • Explain and justify their actions in court

Who should attend?

This course is targeted at existing phone examiners who have at least 6 months experience in phone forensics. Ideally, delegates would have previously attended the Control-F Foundation in Mobile Phone Forensics (or equivalent).