SQLite everywhere!

Smartphone devices use SQLite databases to store calls, contacts and SMS but more importantly, 3rd party app data too. Understanding how to find, recover and report evidence from SQLite databases is essential for today’s mobile forensic examiners.

Our 4½ day Smartphone App Forensics course teaches delegates how to get the most from SQLite databases recovered from iOS, Android, BlackBerry and Windows Phone 8 devices. Students will get hands-on experience of generating reports for unsupported apps and recovering deleted app data which commercial forensic tools may miss.

Our next course runs at Wyboston Lakes (UK) on 4-8 January 2016. Contact us now to check availability.

Advanced Smartphone & Tablet Acquisition course success

Our new Advanced Smartphone & Tablet Acquisition course launched in February and we’ve had great feedback from delegates:

“Excellent course, extremely enjoyable”

“Very useful, very informative.  Excellent trainers”

Based on delegate feedback we have extended the course to 4½ days to give attendees more time to put into practice what they have learned.

Students learn how to bypass security mechanisms on Android, iOS and BlackBerry devices as well as exploit device backups to recover key evidence. We have limited places available on the next course running 16-20 November at Wyboston Lakes (UK)

Recover live & deleted data from Windows Phone devices

Windows Phone devices like the Nokia Lumia range are increasingly popular and can be tricky to acquire via a USB data cable. The good news however is that full physical extractions of many Windows Phone devices can be obtained via the JTAG interface (using connections on the circuit board of the device).

Delegates on our JTAG Dumping for Android & Windows Phone course learn how to safely disassemble handsets and dump the contents of their flash memory using RIFF Box. Delegates then gain hands on experience in the recovery of evidence from those dumps.

JTAG dumping is also an ideal solution for dealing with locked Android handsets where USB Debugging is disabled. Delegates leave the course able to perform physical extractions of such devices and (crucially) recover pattern, PIN and passwords from those dumps such that the devices can be accessed manually and data cable extractions performed.

Dates, locations and pricing can be found on the course page here.

Contact us to check availability.

Announcing new smartphone forensics courses for 2015

We wanted to fill you in on some exciting changes to our portfolio of training courses….

Since launching our Android & BlackBerry Forensics course in 2012, we have been teaching delegates not only how to bypass protection mechanisms on both Android & BlackBerry devices but also to make sense of the data they subsequently acquire from them. In the intervening years, adoption of smartphone devices in general has continued unabated and we’ve seen Windows Phone’s market share overtake that of BlackBerry.

The security mechanisms of iOS, Android, Windows Phone and BlackBerry devices mean that all four platforms can pose challenges to forensic examiners in terms of acquisition (and each requiring different solutions!) At the same time, the analysis of data recovered from smartphones has never been more important. Forensic examiners need to know how to recover data from apps which are unsupported by commercial forensic tools; they also need to master techniques to recover deleted data from the SQLite databases used by smartphone apps.

Control-F is changing its smartphone forensics training to better reflect market trends and the needs of our customer base. In January 2015 our existing Android & BlackBerry Forensics course will be replaced by two new 4-day training courses:
* Advanced Smartphone & Tablet Acquisition
* Smartphone App Forensics

As the names suggest, one course will focus on acquisition of smartphone devices (specifically device locks, backups and associated encryption), the other will focus purely on the analysis of data from pre-installed and 3rd party applications.

Advanced Smartphone & Tablet Acquisition will cover iOS, Android & BlackBerry devices (acquisition of Windows Phone devices is covered by our JTAG Dumping for Android & Windows Phone course)

On our Smartphone App Forensics course, delegates will get to work with data recovered from all four leading smartphone platforms (iOS, Android, Windows Phone and BlackBerry).

Click the course titles above to find out more about the courses as well as locations, dates and pricing. Or contact us by phone or email.

We look forward to seeing you on the courses in 2015!

Save money and time with a Control-F Training Pass

If you’re a law enforcement customer, you might like to know that we now offer a Training Pass. Our Training Pass not only gets you more training for your money, it simplifies the purchasing process by giving you more time and flexibility in deciding which staff member to send on which course. A Control-F Training Pass can be used to book any staff member, on any of our seven courses during the 2 year lifetime of the pass.

Find out more on our Training Pass page here.

SnapChat & Windows Phone Forensics

Control-F is scheduled to deliver another of the popular F3 training days on 1st October 2014. The morning session will focus on SnapChat forensics on iOS and Android devices and the afternoon will be spent looking at recovering evidence and interpreting artefacts from Windows Phone 8 devices. The workshop will be held in Dunchurch, Warwickshire.

F3 (First Forensic Forum) is a non-profit organisation that provides a way for private sector and law enforcement practitioners working in forensic computing to meet and share experience and knowledge. Information on booking will be sent to members by the F3 secretary in due course.

 

2013 F3 Annual Workshop

Control-F’s stand at the F3 Annual Workshop at Tortworth (Gloucestershire, UK) on 5-7 November 2013 was a busy place to be! F3 (First Forensic Forum) is a non-profit organisation that provides a way for private sector and law enforcement practitioners working in forensic computing to meet and share experience and knowledge. The annual workshop was, as always educational and entertaining and it was great to catch up with so many of our customers

Python Scripting 1 course extended to 3 days

We ran our first Python Scripting 1 course in July where delegates with no previous programming experience learned how to write simple Python scripts to automate manual and time consuming tasks in digital forensics. We were delighted with the positive feedback from the delegates:

“Top quality instruction as usual. Well thought out course for the beginner”

The feedback we received also included an overwhelming opinion that we should extend the course to 3 days in order to allow greater consolidation of the skills being taught. We’ve listened to that advice and our next course running 10-12 December at Wyboston Lakes will be a 3 day course.

Get in touch if you would like to enquire about availability.

New JTAG course dates announced

We’re delighted to announce details of our new 4 day training course, “JTAG Dumping for Android & Windows Phone” designed to teach delegates how to recover live and deleted data from Android & Windows Phone devices (locked or unlocked and irrespective of USB Debugging being disabled on Android). In addition, delegates will gain experience in recovering swipe patterns and PINs from the memory dumps of Android devices; thereby allowing a manual examination of the device to take place. Our first course will be running in Leeds, on 13-16 January.

Delegates will learn how to connect to, and dump, devices using RIFF Box in combination with phone model specific connectors (“jigs”) as well as using hand-soldering for situations where no jig is currently available (thus ensuring delegates will be able to work with a wide range of devices on their return to the workplace).

To find out more, visit the course page on our website here.

To check availability of places, please contact us.

BlackBerry article in Digital Forensics Magazine

Control-F Managing Director Kevin Mansell has contributed an article on BlackBerry forensics to the February 2013 issue (Issue 14) of Digital Forensics Magazine. The article describes some interesting features of the FAT implementation within BlackBerry handsets as well as explaining how thumbnail image caches can be recovered from BlackBerry handsets and memory cards.

Digital Forensics Magazine is a quarterly publication available in both print and electronic versions and provides a great way of keeping up with the ever changing world of digital forensics and incident response.