Announcing new smartphone forensics courses for 2015

We wanted to fill you in on some exciting changes to our portfolio of training courses….

Since launching our Android & BlackBerry Forensics course in 2012, we have been teaching delegates not only how to bypass protection mechanisms on both Android & BlackBerry devices but also to make sense of the data they subsequently acquire from them. In the intervening years, adoption of smartphone devices in general has continued unabated and we’ve seen Windows Phone’s market share overtake that of BlackBerry.

The security mechanisms of iOS, Android, Windows Phone and BlackBerry devices mean that all four platforms can pose challenges to forensic examiners in terms of acquisition (and each requiring different solutions!) At the same time, the analysis of data recovered from smartphones has never been more important. Forensic examiners need to know how to recover data from apps which are unsupported by commercial forensic tools; they also need to master techniques to recover deleted data from the SQLite databases used by smartphone apps.

Control-F is changing its smartphone forensics training to better reflect market trends and the needs of our customer base. In January 2015 our existing Android & BlackBerry Forensics course will be replaced by two new 4-day training courses:
* Advanced Smartphone & Tablet Acquisition
* Smartphone App Forensics

As the names suggest, one course will focus on acquisition of smartphone devices (specifically device locks, backups and associated encryption), the other will focus purely on the analysis of data from pre-installed and 3rd party applications.

Advanced Smartphone & Tablet Acquisition will cover iOS, Android & BlackBerry devices (acquisition of Windows Phone devices is covered by our JTAG Dumping for Android & Windows Phone course)

On our Smartphone App Forensics course, delegates will get to work with data recovered from all four leading smartphone platforms (iOS, Android, Windows Phone and BlackBerry).

Click the course titles above to find out more about the courses as well as locations, dates and pricing. Or contact us by phone or email.

We look forward to seeing you on the courses in 2015!

Save money and time with a Control-F Training Pass

If you’re a law enforcement customer, you might like to know that we now offer a Training Pass. Our Training Pass not only gets you more training for your money, it simplifies the purchasing process by giving you more time and flexibility in deciding which staff member to send on which course. A Control-F Training Pass can be used to book any staff member, on any of our seven courses during the 2 year lifetime of the pass.

Find out more on our Training Pass page here.

SnapChat & Windows Phone Forensics

Control-F is scheduled to deliver another of the popular F3 training days on 1st October 2014. The morning session will focus on SnapChat forensics on iOS and Android devices and the afternoon will be spent looking at recovering evidence and interpreting artefacts from Windows Phone 8 devices. The workshop will be held in Dunchurch, Warwickshire.

F3 (First Forensic Forum) is a non-profit organisation that provides a way for private sector and law enforcement practitioners working in forensic computing to meet and share experience and knowledge. Information on booking will be sent to members by the F3 secretary in due course.


2013 F3 Annual Workshop

Control-F’s stand at the F3 Annual Workshop at Tortworth (Gloucestershire, UK) on 5-7 November 2013 was a busy place to be! F3 (First Forensic Forum) is a non-profit organisation that provides a way for private sector and law enforcement practitioners working in forensic computing to meet and share experience and knowledge. The annual workshop was, as always educational and entertaining and it was great to catch up with so many of our customers

Python Scripting 1 course extended to 3 days

We ran our first Python Scripting 1 course in July where delegates with no previous programming experience learned how to write simple Python scripts to automate manual and time consuming tasks in digital forensics. We were delighted with the positive feedback from the delegates:

“Top quality instruction as usual. Well thought out course for the beginner”

The feedback we received also included an overwhelming opinion that we should extend the course to 3 days in order to allow greater consolidation of the skills being taught. We’ve listened to that advice and our next course running 10-12 December at Wyboston Lakes will be a 3 day course.

Get in touch if you would like to enquire about availability.

New JTAG course dates announced

We’re delighted to announce details of our new 4 day training course, “JTAG Dumping for Android & Windows Phone” designed to teach delegates how to recover live and deleted data from Android & Windows Phone devices (locked or unlocked and irrespective of USB Debugging being disabled on Android). In addition, delegates will gain experience in recovering swipe patterns and PINs from the memory dumps of Android devices; thereby allowing a manual examination of the device to take place. Our first course will be running in Leeds, on 13-16 January.

Delegates will learn how to connect to, and dump, devices using RIFF Box in combination with phone model specific connectors (“jigs”) as well as using hand-soldering for situations where no jig is currently available (thus ensuring delegates will be able to work with a wide range of devices on their return to the workplace).

To find out more, visit the course page on our website here.

To check availability of places, please contact us.

BlackBerry article in Digital Forensics Magazine

Control-F Managing Director Kevin Mansell has contributed an article on BlackBerry forensics to the February 2013 issue (Issue 14) of Digital Forensics Magazine. The article describes some interesting features of the FAT implementation within BlackBerry handsets as well as explaining how thumbnail image caches can be recovered from BlackBerry handsets and memory cards.

Digital Forensics Magazine is a quarterly publication available in both print and electronic versions and provides a great way of keeping up with the ever changing world of digital forensics and incident response.

Control-F at CDDF 2013 Conference

Control-F Managing Director Kevin Mansell delivered a presentation entitled “Recovering Deleted Images from BlackBerry Devices” to delegates at the Communications Data & Digital Forensics (CDDF) 2013  conference at Heathrow. In the session Kevin described techniques for maximising evidence recovery from memory cards used within BlackBerry devices.

Our 4 day Android & Blackberry Forensics training course teaches existing phone examiners how to get to gain access to security enabled devices as well as how best to exploit forensic artefacts once access has been gained. Contact us for course dates, locations and pricing (including on-site delivery).

New Python Scripting course launched

Forensic practitioners routinely encounter artefacts which are not fully decoded by their commercial forensic tools, resulting in time-consuming and laborious manual recovery and reporting. Python is a programming language that is well suited to digital forensics and specifically the automation of such manual tasks (e.g. parsing data from memory dumps and log files and then producing reports).

Python Scripting 1” is our new 2 day course designed to teach those with no prior programming experience how to write simple scripts, with an emphasis on solving real digital forensics problems such as recovering Internet artefacts from mobile phone extractions.

Dates, locations, pricing and a course flyer can all be found on our website here:

Bring “chip-off” in house

Damaged devices and password-protected BlackBerry handsets can be problematic to access, the “last resort” being costly outsourcing for de-soldering and reading of the flash memory chips (“chip-off”). Our new 4½ day “Flash Memory Chip Removal” course teaches delegates how to undertake this work in-house with tuition from one of the most experienced practitioners in this specialist field.

Phil Cocking has 7 years’ experience of performing “chip off” for a well-known UK forensics provider and has successfully removed and read hundreds of flash memory chips from password-protected BlackBerry handsets and other devices. We will be making use of specialist training facilities in Leeds (UK) which are ideally suited to the de-soldering work involved.

Find dates, pricing and more information on our website here:

We are expecting keen interest in the course and class sizes are small to ensure that delegates get maximum benefit from the training; so please give us a call on +44 (0)20 8133 8750 now if you would like to take up a place.