New JTAG course dates announced

We’re delighted to announce details of our new 4 day training course, “JTAG Dumping for Android & Windows Phone” designed to teach delegates how to recover live and deleted data from Android & Windows Phone devices (locked or unlocked and irrespective of USB Debugging being disabled on Android). In addition, delegates will gain experience in recovering swipe patterns and PINs from the memory dumps of Android devices; thereby allowing a manual examination of the device to take place. Our first course will be running in Leeds, on 13-16 January.

Delegates will learn how to connect to, and dump, devices using RIFF Box in combination with phone model specific connectors (“jigs”) as well as using hand-soldering for situations where no jig is currently available (thus ensuring delegates will be able to work with a wide range of devices on their return to the workplace).

To find out more, visit the course page on our website here.

To check availability of places, please contact us.

BlackBerry article in Digital Forensics Magazine

Control-F Managing Director Kevin Mansell has contributed an article on BlackBerry forensics to the February 2013 issue (Issue 14) of Digital Forensics Magazine. The article describes some interesting features of the FAT implementation within BlackBerry handsets as well as explaining how thumbnail image caches can be recovered from BlackBerry handsets and memory cards.

Digital Forensics Magazine is a quarterly publication available in both print and electronic versions and provides a great way of keeping up with the ever changing world of digital forensics and incident response.

Control-F at CDDF 2013 Conference

Control-F Managing Director Kevin Mansell delivered a presentation entitled “Recovering Deleted Images from BlackBerry Devices” to delegates at the Communications Data & Digital Forensics (CDDF) 2013  conference at Heathrow. In the session Kevin described techniques for maximising evidence recovery from memory cards used within BlackBerry devices.

Our 4 day Android & Blackberry Forensics training course teaches existing phone examiners how to get to gain access to security enabled devices as well as how best to exploit forensic artefacts once access has been gained. Contact us for course dates, locations and pricing (including on-site delivery).

New Python Scripting course launched

Forensic practitioners routinely encounter artefacts which are not fully decoded by their commercial forensic tools, resulting in time-consuming and laborious manual recovery and reporting. Python is a programming language that is well suited to digital forensics and specifically the automation of such manual tasks (e.g. parsing data from memory dumps and log files and then producing reports).

Python Scripting 1” is our new 2 day course designed to teach those with no prior programming experience how to write simple scripts, with an emphasis on solving real digital forensics problems such as recovering Internet artefacts from mobile phone extractions.

Dates, locations, pricing and a course flyer can all be found on our website here: www.controlf.net/training/ps1

Bring “chip-off” in house

Damaged devices and password-protected BlackBerry handsets can be problematic to access, the “last resort” being costly outsourcing for de-soldering and reading of the flash memory chips (“chip-off”). Our new 4½ day “Flash Memory Chip Removal” course teaches delegates how to undertake this work in-house with tuition from one of the most experienced practitioners in this specialist field.

Phil Cocking has 7 years’ experience of performing “chip off” for a well-known UK forensics provider and has successfully removed and read hundreds of flash memory chips from password-protected BlackBerry handsets and other devices. We will be making use of specialist training facilities in Leeds (UK) which are ideally suited to the de-soldering work involved.

Find dates, pricing and more information on our website here: www.controlf.net/training/fmcr

We are expecting keen interest in the course and class sizes are small to ensure that delegates get maximum benefit from the training; so please give us a call on +44 (0)20 8133 8750 now if you would like to take up a place.

List of built-in mobile phone web browsers

Built-in web browsers have existed on mobile phone handsets for many years before the iPhone came along and brought mobile phone Internet browsing to the masses. Internet artefacts can prove a rich source of evidence but can sometimes be overlooked during an investigation; either because the examiner didn’t know that such artefacts could be recovered or didn’t know how to find and interpret them.

Our new Built-in Mobile Phone Web Browsers page provides details on which web browser is pre-installed on which handset model (something which is often less than obvious!). The page also points examiners to where within the device’s file system the artefacts are located.

Our Phone Forensics Deconstructed training course teaches mobile phone examiners how to find, recover and interpret Internet artefacts from mobile phones.

The value of skills training

Our eye was caught recently by the editorial section of Digital Investigation journal (Vol 8, Issue 1, 2011, p2)

“Although it is important for practitioners to be conversant with forensic tools, training programs that concentrate on commercial off-the-shelf (COTS) forensic products are generally insufficient. An effective training program develops core competencies in digital forensics, and teaches practitioners to combine various existing tools and methods…….Although training that concentrates on commercial off-the-shelf forensic tools enables practitioners to perform certain routine tasks, digital investigators need to appreciate the limitations of each tool and have versatility in using multiple tools.

Hear hear!

At Control-F we believe passionately that digital forensics training is about more than knowing which buttons to click. We think digital forensic analysts need to understand underlying principles first and then introduce them to tools which will implement and automate those principles and processes (thereby making the forensic analyst more efficient).

Our vendor-neutral training courses utilise multiple tools from different vendors; we assess the value of different products during our research and course development and only include products on our courses which we trust. Any products which appear in our training courses are there because of their usefulness; we don’t get paid to include tools in our courses (although our customers often receive discounts for those products by attending our training!)

As the American essayist Ralph Waldo Emerson once said

“As to methods there may be a million and then some, but principles are few. The man who grasps principles can successfully select his own methods. The man who tries methods, ignoring principles, is sure to have trouble.”

Control-F at ICDDF 2012

Control-F Managing Director Kevin Mansell presented at the International Communications Data & Digital Forensics Seminar (ICDDF) 2012 at London Heathrow on Monday March 26th. Kevin talked about about the challenges posed for phone examiners by the 7-bit encoding of SMS messages, particularly when trying to identify and recover SMS from hex dumps of mobile handsets. During his well attended session, Kevin also provided practical advice to those in the audience for finding and recovering SMS effectively.

Our Phone Forensics Deconstructed course teaches delegates about the structure of SMS messages at a bits and bytes level, giving them the knowledge and skills they need to be able to search for, recover and interpret live and deleted SMS from hex dumps of a multitude of handset models.

Recover deleted data from Nokia BB5 handsets

Recovering deleted data from the BB5 series of Nokia handsets has long proved troublesome….until now. Control-F’s Flasher Box Forensics training course now teaches students how to safely recover deleted data from BB5 handsets such as the popular Nokia 6300, 6500 Classic, 6500 Slide and many more (without the need for physical chip removal!). In addition, students will learn how to access security code protected handsets, recover security code details and gain unrestricted access to the handset (such that a logical extraction can be performed).

Contact us now to book on our next scheduled course in May, or to enquire about running the course at your location.

Scheduled entry-level phone forensics training at Wyboston Lakes

Control-F is delighted to announce that it is running scheduled entry-level phone forensics training at Wyboston Lakes in the form of our Foundation in Mobile Phone Forensics course. Our next course runs on 23-27th April 2012 and is open to law enforcement and private sector delegates.

Foundation in Mobile Phone Forensics is a 4½ day course designed for those just starting out in mobile phone forensics (or existing examiners who have not had the benefit of formal training). The course is highly practical with delegates gaining hands-on experience with market leading forensic tools as they work through a series of realistic scenarios. Students are taught the theory and the practical sides of recovering evidence from handsets, SIM cards and memory cards.

By attending Control-F training courses, delegates will be exposed to forensic tools and products from a range of vendors (including many free utilities); thereby allowing them to compare and contrast their performance and quantify their benefit to their unit or department. All Control-F training is built around the ACPO Principles of Computer Based Digital Evidence so that customers can be assured that what is being taught is consistent with internationally recognised good practice in digital forensics.

At Control-F we know that there will be many occasions when delegates have returned to the workplace and will need to refer back to a topic that was covered on the course. For that reason students attending Foundation in Mobile Phone Forensics receive high quality printed & electronic training materials which include a 95 page book (fully referenced and written specifically to accompany the course).

Contact us today to enquire about availability and pricing.