Recover live & deleted data from Windows Phone devices

Windows Phone devices like the Nokia Lumia range are increasingly popular and can be tricky to acquire via a USB data cable. The good news however is that full physical extractions of many Windows Phone devices can be obtained via the JTAG interface (using connections on the circuit board of the device).

Delegates on our JTAG Dumping for Android & Windows Phone course learn how to safely disassemble handsets and dump the contents of their flash memory using RIFF Box. Delegates then gain hands on experience in the recovery of evidence from those dumps.

JTAG dumping is also an ideal solution for dealing with locked Android handsets where USB Debugging is disabled. Delegates leave the course able to perform physical extractions of such devices and (crucially) recover pattern, PIN and passwords from those dumps such that the devices can be accessed manually and data cable extractions performed.

Dates, locations and pricing can be found on the course page here.

Contact us to check availability.

Announcing new smartphone forensics courses for 2015

We wanted to fill you in on some exciting changes to our portfolio of training courses….

Since launching our Android & BlackBerry Forensics course in 2012, we have been teaching delegates not only how to bypass protection mechanisms on both Android & BlackBerry devices but also to make sense of the data they subsequently acquire from them. In the intervening years, adoption of smartphone devices in general has continued unabated and we’ve seen Windows Phone’s market share overtake that of BlackBerry.

The security mechanisms of iOS, Android, Windows Phone and BlackBerry devices mean that all four platforms can pose challenges to forensic examiners in terms of acquisition (and each requiring different solutions!) At the same time, the analysis of data recovered from smartphones has never been more important. Forensic examiners need to know how to recover data from apps which are unsupported by commercial forensic tools; they also need to master techniques to recover deleted data from the SQLite databases used by smartphone apps.

Control-F is changing its smartphone forensics training to better reflect market trends and the needs of our customer base. In January 2015 our existing Android & BlackBerry Forensics course will be replaced by two new 4-day training courses:
* Advanced Smartphone & Tablet Acquisition
* Smartphone App Forensics

As the names suggest, one course will focus on acquisition of smartphone devices (specifically device locks, backups and associated encryption), the other will focus purely on the analysis of data from pre-installed and 3rd party applications.

Advanced Smartphone & Tablet Acquisition will cover iOS, Android & BlackBerry devices (acquisition of Windows Phone devices is covered by our JTAG Dumping for Android & Windows Phone course)

On our Smartphone App Forensics course, delegates will get to work with data recovered from all four leading smartphone platforms (iOS, Android, Windows Phone and BlackBerry).

Click the course titles above to find out more about the courses as well as locations, dates and pricing. Or contact us by phone or email.

We look forward to seeing you on the courses in 2015!

Save money and time with a Control-F Training Pass

If you’re a law enforcement customer, you might like to know that we now offer a Training Pass. Our Training Pass not only gets you more training for your money, it simplifies the purchasing process by giving you more time and flexibility in deciding which staff member to send on which course. A Control-F Training Pass can be used to book any staff member, on any of our seven courses during the 2 year lifetime of the pass.

Find out more on our Training Pass page here.

SnapChat & Windows Phone Forensics

Control-F is scheduled to deliver another of the popular F3 training days on 1st October 2014. The morning session will focus on SnapChat forensics on iOS and Android devices and the afternoon will be spent looking at recovering evidence and interpreting artefacts from Windows Phone 8 devices. The workshop will be held in Dunchurch, Warwickshire.

F3 (First Forensic Forum) is a non-profit organisation that provides a way for private sector and law enforcement practitioners working in forensic computing to meet and share experience and knowledge. Information on booking will be sent to members by the F3 secretary in due course.


2013 F3 Annual Workshop

Control-F’s stand at the F3 Annual Workshop at Tortworth (Gloucestershire, UK) on 5-7 November 2013 was a busy place to be! F3 (First Forensic Forum) is a non-profit organisation that provides a way for private sector and law enforcement practitioners working in forensic computing to meet and share experience and knowledge. The annual workshop was, as always educational and entertaining and it was great to catch up with so many of our customers

Python Scripting 1 course extended to 3 days

We ran our first Python Scripting 1 course in July where delegates with no previous programming experience learned how to write simple Python scripts to automate manual and time consuming tasks in digital forensics. We were delighted with the positive feedback from the delegates:

“Top quality instruction as usual. Well thought out course for the beginner”

The feedback we received also included an overwhelming opinion that we should extend the course to 3 days in order to allow greater consolidation of the skills being taught. We’ve listened to that advice and our next course running 10-12 December at Wyboston Lakes will be a 3 day course.

Get in touch if you would like to enquire about availability.

New JTAG course dates announced

We’re delighted to announce details of our new 4 day training course, “JTAG Dumping for Android & Windows Phone” designed to teach delegates how to recover live and deleted data from Android & Windows Phone devices (locked or unlocked and irrespective of USB Debugging being disabled on Android). In addition, delegates will gain experience in recovering swipe patterns and PINs from the memory dumps of Android devices; thereby allowing a manual examination of the device to take place. Our first course will be running in Leeds, on 13-16 January.

Delegates will learn how to connect to, and dump, devices using RIFF Box in combination with phone model specific connectors (“jigs”) as well as using hand-soldering for situations where no jig is currently available (thus ensuring delegates will be able to work with a wide range of devices on their return to the workplace).

To find out more, visit the course page on our website here.

To check availability of places, please contact us.

BlackBerry article in Digital Forensics Magazine

Control-F Managing Director Kevin Mansell has contributed an article on BlackBerry forensics to the February 2013 issue (Issue 14) of Digital Forensics Magazine. The article describes some interesting features of the FAT implementation within BlackBerry handsets as well as explaining how thumbnail image caches can be recovered from BlackBerry handsets and memory cards.

Digital Forensics Magazine is a quarterly publication available in both print and electronic versions and provides a great way of keeping up with the ever changing world of digital forensics and incident response.

Control-F at CDDF 2013 Conference

Control-F Managing Director Kevin Mansell delivered a presentation entitled “Recovering Deleted Images from BlackBerry Devices” to delegates at the Communications Data & Digital Forensics (CDDF) 2013  conference at Heathrow. In the session Kevin described techniques for maximising evidence recovery from memory cards used within BlackBerry devices.

Our 4 day Android & Blackberry Forensics training course teaches existing phone examiners how to get to gain access to security enabled devices as well as how best to exploit forensic artefacts once access has been gained. Contact us for course dates, locations and pricing (including on-site delivery).

New Python Scripting course launched

Forensic practitioners routinely encounter artefacts which are not fully decoded by their commercial forensic tools, resulting in time-consuming and laborious manual recovery and reporting. Python is a programming language that is well suited to digital forensics and specifically the automation of such manual tasks (e.g. parsing data from memory dumps and log files and then producing reports).

Python Scripting 1” is our new 2 day course designed to teach those with no prior programming experience how to write simple scripts, with an emphasis on solving real digital forensics problems such as recovering Internet artefacts from mobile phone extractions.

Dates, locations, pricing and a course flyer can all be found on our website here: