Posts

Foundation in Mobile Phone Forensics

4½ days

Course information

This 4½ day, entry level course is targeted at those just starting out in mobile forensics, or existing mobile device examiners who have not had the benefit of formal training.

Course aims

Foundation in Mobile Phone Forensics is a 4½ day training course designed to teach prospective or existing mobile phone examiners how to examine mobile devices in accordance with the ACPO Principles of Digital Computer Based Evidence. Without appropriate training, there is a significant risk that evidence may be lost or altered during the examination process, or that the examiner is discredited in court. The course will provide delegates with exposure to, and hands-on experience with, market leading phone forensic tools.

What you will learn

By the end of the course, students will be able to:

  • Safely retrieve evidence from SIM cards, mobile phone handsets and memory cards using forensic software tools
  • Identify key potential evidence which is not recovered by software tools and capture it in an appropriate way
  • Implement or enhance local standard operating procedures for the examination of mobile devices within their organisation
  • Explain and justify their actions in court

Who should attend?

This entry level course is targeted at those just starting out in mobile phone forensics, or existing mobile phone examiners who have not had the benefit of formal training.

Foundation in Mobile Phone Forensics

4½ days

Course information

This 4½ day, entry level course is targeted at those just starting out in mobile forensics, or existing mobile device examiners who have not had the benefit of formal training.

Course aims

Foundation in Mobile Phone Forensics is a 4½ day training course designed to teach prospective or existing mobile phone examiners how to examine mobile devices in accordance with the ACPO Principles of Digital Computer Based Evidence. Without appropriate training, there is a significant risk that evidence may be lost or altered during the examination process, or that the examiner is discredited in court. The course will provide delegates with exposure to, and hands-on experience with, market leading phone forensic tools.

What you will learn

By the end of the course, students will be able to:

  • Safely retrieve evidence from SIM cards, mobile phone handsets and memory cards using forensic software tools
  • Identify key potential evidence which is not recovered by software tools and capture it in an appropriate way
  • Implement or enhance local standard operating procedures for the examination of mobile devices within their organisation
  • Explain and justify their actions in court

Who should attend?

This entry level course is targeted at those just starting out in mobile phone forensics, or existing mobile phone examiners who have not had the benefit of formal training.

Foundation in Mobile Phone Forensics

4½ days

Course information

This 4½ day, entry level course is targeted at those just starting out in mobile forensics, or existing mobile device examiners who have not had the benefit of formal training.

Course aims

Foundation in Mobile Phone Forensics is a 4½ day training course designed to teach prospective or existing mobile phone examiners how to examine mobile devices in accordance with the ACPO Principles of Digital Computer Based Evidence. Without appropriate training, there is a significant risk that evidence may be lost or altered during the examination process, or that the examiner is discredited in court. The course will provide delegates with exposure to, and hands-on experience with, market leading phone forensic tools.

What you will learn

By the end of the course, students will be able to:

  • Safely retrieve evidence from SIM cards, mobile phone handsets and memory cards using forensic software tools
  • Identify key potential evidence which is not recovered by software tools and capture it in an appropriate way
  • Implement or enhance local standard operating procedures for the examination of mobile devices within their organisation
  • Explain and justify their actions in court

Who should attend?

This entry level course is targeted at those just starting out in mobile phone forensics, or existing mobile phone examiners who have not had the benefit of formal training.

Mobile Device Repair

4½ days

Background

Being able to safely repair damaged mobile device exhibits in-house has become increasingly important for digital forensic units. Charging problems, cracked screens, faulty buttons or damaged data ports are common issues which may prevent successful data extraction. Digital forensic units need to be able to get devices working quickly and safely in order to prevent the inevitable delays, costs and continuity complications associated with taking a device outside the organisation to be fixed.

Faced with a “dead” device, a mobile examiner needs to be able to quickly identify the fault (or faults), confirm whether the repair(s) can and should be conducted in-house and establish the risks associated in undertaking
such work. Although YouTube is awash with “how to”  videos for device repair, undertaking such work without properly understanding the risks could easily mean that a vital evidential exhibit is further damaged by the attempted repair. Not only that, such videos assume that the actual fault with the device has been reliably identified.
Digital forensic units need staff who can quickly and accurately identify faults and then select the most pragmatic means of repair.

Course aims

Mobile Device Repair is a 4½ day course designed to teach mobile device examiners how to identify and repair common faults with mobile devices which might prevent data extraction. Students will learn a systematic and efficient approach to fault finding designed to quickly identify common obstacles to data extraction. The emphasis of the training is on performing the simplest and most cost effective repair possible in order to acquire data from the device. Students will gain experience in disassembling, repairing and re-assembling Android, iPhone, Windows Phone and feature phone devices. Importantly, the course will include instruction in the soldering techniques required to replace data ports which are integrated into the main circuit board of the device.

What you will learn

By the end of the course, delegates will be able to:

  • Identify and resolve charging and battery issues with mobile devices
  • Replace glued and non-glued screens on mobile devices
  • Replace modular and soldered components on mobile devices
  • Transplant circuit boards from damaged evidential exhibits into “donor” devices to facilitate data extraction
  • Explain and justify their actions in court

Who should attend?

This course is targeted at new or existing mobile device examiners. The course includes close work with small components and therefore requires good eyesight and a steady hand. Previous experience in handset disassembly and soldering would be beneficial but not essential.

Advanced Smartphone & Tablet Acquisition

4½ days

Background

The prevalence of smartphone and tablet devices is a mixed blessing for digital forensic units. On the one hand, iPhone, iPad and Android devices can provide a wealth of information about the owner’s communication, associates and whereabouts; but at the same time the built-in security mechanisms provided by such devices often present a significant challenge.

Course aims

Many Android apps exclude themselves from the backup mechanisms used by commercial forensic tools and additionally, device manufacturers and 3rd party app developers provide easy to use app protection and data hiding features. It is increasingly important that mobile forensic examiners can assess the completeness of extractions and take necessary steps to recover missing, hidden or protected data.
Not only is data being more tightly secured within mobile devices, increasing amounts of data are being stored in the cloud, either by the device itself or by apps installed on it. Today’s forensic examiners need to be aware of the breadth and depth of data held within the cloud and how it can be recovered for evidential use.
Advanced Smartphone & Tablet Acquisition is a 4½ day course designed to teach attendees how to ensure maximum evidence recovery. Delegates will learn how to identify and recover evidence from encrypted PC backups of iOS devices and use the Google Android SDK to recover data from any Android device. Importantly, delegates will gain hands-on experience in recovering data for apps such as WhatsApp and Facebook Messenger which exclude themselves from the backup process as well as techniques for dealing with data hiding mechanisms including Samsung Secure Folder and Huawei PrivateSpace. In addition to device extraction techniques, delegates will gain practical experience in the potential benefits of, and obstacles to, recovering cloud-based data.

What you will learn

By the end of the course, students will be able to:

  • Use ADB commands to connect to and recover data from Android devices
  • Recover evidence from PC backups of iOS & Android devices
  • Extract messaging app data from Huawei devices
  • Identify the use of data hiding techniques on Android devices which may prevent data extraction via forensic tools
  • Explain and justify their actions in court

Who should attend?

This course is targeted at existing phone examiners who have at least 6 months experience in mobile device forensics. Ideally, delegates would have previously attended the Control-F Foundation in Mobile Phone Forensics (or equivalent).

App Investigator 1

Delivery format

This course will be delivered as a live online instructor-led programme lasting 5 days.

Background

Smartphone and tablet devices submitted to forensic units present a veritable treasure trove of potential evidence generated through the use of pre-installed “1st party” and user-installed 3rd party apps. Unfortunately the relentless evolution of new and existing 3rd party apps means that commercial forensic tools cannot realistically decode, interpret and report all of the data of interest to investigators.

Course aims

Android and iOS platforms both make extensive use of SQLite, a free open-source database platform, to store data relating to first and third party apps. Analysis of SQLite databases can recover live and deleted data as well as often overlooked binary data such as thumbnail images. In addition to SQLite databases, iOS devices make use of Property List (plist) files to store application data and mobile forensic examiners need to be skilled in analysing and reporting data from both file formats.

App Investigator 1 is an instructor-led online course designed to teach delegates how to recover evidence from smartphone and tablet applications. This includes first party apps, but the emphasis will be on developing skills and techniques for working with 3rd party apps which are unsupported by commercial forensic tools. Delegates will gain experience of working with data recovered from iOS and Android devices.

What you will learn

By the end of the course, students will be able to:

  • Locate view and recover evidence from SQLite databases used by smartphone applications
  • Maximise evidence recovery from SQLite databases through appropriate handling and analysis of associated Write Ahead Logging (WAL) files
  • Locate, view & recover evidence from Property List (plist) files used by iOS and associated applications
  • Manually decode smartphone apps
  • Explain and justify their actions in court

Who should attend?

This course is targeted at existing phone examiners who have at least 6 months experience in phone forensics. Ideally, delegates would have previously attended the Control-F Foundation in Mobile Phone Forensics (or equivalent).

Technical requirements

Delegates will require a webcam, speakers (or headset), dual monitors and a minimum 10MB Internet connection.

 

App Investigator 1

Delivery format

This course will be delivered as a live online instructor-led programme lasting 5 days.

Background

Smartphone and tablet devices submitted to forensic units present a veritable treasure trove of potential evidence generated through the use of pre-installed “1st party” and user-installed 3rd party apps. Unfortunately the relentless evolution of new and existing 3rd party apps means that commercial forensic tools cannot realistically decode, interpret and report all of the data of interest to investigators.

Course aims

Android and iOS platforms both make extensive use of SQLite, a free open-source database platform, to store data relating to first and third party apps. Analysis of SQLite databases can recover live and deleted data as well as often overlooked binary data such as thumbnail images. In addition to SQLite databases, iOS devices make use of Property List (plist) files to store application data and mobile forensic examiners need to be skilled in analysing and reporting data from both file formats.

App Investigator 1 is an instructor-led online course designed to teach delegates how to recover evidence from smartphone and tablet applications. This includes first party apps, but the emphasis will be on developing skills and techniques for working with 3rd party apps which are unsupported by commercial forensic tools. Delegates will gain experience of working with data recovered from iOS and Android devices.

What you will learn

By the end of the course, students will be able to:

  • Locate view and recover evidence from SQLite databases used by smartphone applications
  • Maximise evidence recovery from SQLite databases through appropriate handling and analysis of associated Write Ahead Logging (WAL) files
  • Locate, view & recover evidence from Property List (plist) files used by iOS and associated applications
  • Manually decode smartphone apps
  • Explain and justify their actions in court

Who should attend?

This course is targeted at existing phone examiners who have at least 6 months experience in phone forensics. Ideally, delegates would have previously attended the Control-F Foundation in Mobile Phone Forensics (or equivalent).

Technical requirements

Delegates will require a webcam, speakers (or headset), dual monitors and a minimum 10MB Internet connection.

 

Mobile Device Repair

4½ days

Background

Being able to safely repair damaged mobile device exhibits in-house has become increasingly important for digital forensic units. Charging problems, cracked screens, faulty buttons or damaged data ports are common issues which may prevent successful data extraction. Digital forensic units need to be able to get devices working quickly and safely in order to prevent the inevitable delays, costs and continuity complications associated with taking a device outside the organisation to be fixed.

Faced with a “dead” device, a mobile examiner needs to be able to quickly identify the fault (or faults), confirm whether the repair(s) can and should be conducted in-house and establish the risks associated in undertaking
such work. Although YouTube is awash with “how to”  videos for device repair, undertaking such work without properly understanding the risks could easily mean that a vital evidential exhibit is further damaged by the attempted repair. Not only that, such videos assume that the actual fault with the device has been reliably identified.
Digital forensic units need staff who can quickly and accurately identify faults and then select the most pragmatic means of repair.

Course aims

Mobile Device Repair is a 4½ day course designed to teach mobile device examiners how to identify and repair common faults with mobile devices which might prevent data extraction. Students will learn a systematic and efficient approach to fault finding designed to quickly identify common obstacles to data extraction. The emphasis of the training is on performing the simplest and most cost effective repair possible in order to acquire data from the device. Students will gain experience in disassembling, repairing and re-assembling Android, iPhone, Windows Phone and feature phone devices. Importantly, the course will include instruction in the soldering techniques required to replace data ports which are integrated into the main circuit board of the device.

What you will learn

By the end of the course, delegates will be able to:

  • Identify and resolve charging and battery issues with mobile devices
  • Replace glued and non-glued screens on mobile devices
  • Replace modular and soldered components on mobile devices
  • Transplant circuit boards from damaged evidential exhibits into “donor” devices to facilitate data extraction
  • Explain and justify their actions in court

Who should attend?

This course is targeted at new or existing mobile device examiners. The course includes close work with small components and therefore requires good eyesight and a steady hand. Previous experience in handset disassembly and soldering would be beneficial but not essential.

Mobile Device Repair

4½ days

Background

Being able to safely repair damaged mobile device exhibits in-house has become increasingly important for digital forensic units. Charging problems, cracked screens, faulty buttons or damaged data ports are common issues which may prevent successful data extraction. Digital forensic units need to be able to get devices working quickly and safely in order to prevent the inevitable delays, costs and continuity complications associated with taking a device outside the organisation to be fixed.

Faced with a “dead” device, a mobile examiner needs to be able to quickly identify the fault (or faults), confirm whether the repair(s) can and should be conducted in-house and establish the risks associated in undertaking
such work. Although YouTube is awash with “how to”  videos for device repair, undertaking such work without properly understanding the risks could easily mean that a vital evidential exhibit is further damaged by the attempted repair. Not only that, such videos assume that the actual fault with the device has been reliably identified.
Digital forensic units need staff who can quickly and accurately identify faults and then select the most pragmatic means of repair.

Course aims

Mobile Device Repair is a 4½ day course designed to teach mobile device examiners how to identify and repair common faults with mobile devices which might prevent data extraction. Students will learn a systematic and efficient approach to fault finding designed to quickly identify common obstacles to data extraction. The emphasis of the training is on performing the simplest and most cost effective repair possible in order to acquire data from the device. Students will gain experience in disassembling, repairing and re-assembling Android, iPhone, Windows Phone and feature phone devices. Importantly, the course will include instruction in the soldering techniques required to replace data ports which are integrated into the main circuit board of the device.

What you will learn

By the end of the course, delegates will be able to:

  • Identify and resolve charging and battery issues with mobile devices
  • Replace glued and non-glued screens on mobile devices
  • Replace modular and soldered components on mobile devices
  • Transplant circuit boards from damaged evidential exhibits into “donor” devices to facilitate data extraction
  • Explain and justify their actions in court

Who should attend?

This course is targeted at new or existing mobile device examiners. The course includes close work with small components and therefore requires good eyesight and a steady hand. Previous experience in handset disassembly and soldering would be beneficial but not essential.

Mobile Device Repair

4½ days

Background

Being able to safely repair damaged mobile device exhibits in-house has become increasingly important for digital forensic units. Charging problems, cracked screens, faulty buttons or damaged data ports are common issues which may prevent successful data extraction. Digital forensic units need to be able to get devices working quickly and safely in order to prevent the inevitable delays, costs and continuity complications associated with taking a device outside the organisation to be fixed.

Faced with a “dead” device, a mobile examiner needs to be able to quickly identify the fault (or faults), confirm whether the repair(s) can and should be conducted in-house and establish the risks associated in undertaking
such work. Although YouTube is awash with “how to”  videos for device repair, undertaking such work without properly understanding the risks could easily mean that a vital evidential exhibit is further damaged by the attempted repair. Not only that, such videos assume that the actual fault with the device has been reliably identified.
Digital forensic units need staff who can quickly and accurately identify faults and then select the most pragmatic means of repair.

Course aims

Mobile Device Repair is a 4½ day course designed to teach mobile device examiners how to identify and repair common faults with mobile devices which might prevent data extraction. Students will learn a systematic and efficient approach to fault finding designed to quickly identify common obstacles to data extraction. The emphasis of the training is on performing the simplest and most cost effective repair possible in order to acquire data from the device. Students will gain experience in disassembling, repairing and re-assembling Android, iPhone, Windows Phone and feature phone devices. Importantly, the course will include instruction in the soldering techniques required to replace data ports which are integrated into the main circuit board of the device.

What you will learn

By the end of the course, delegates will be able to:

  • Identify and resolve charging and battery issues with mobile devices
  • Replace glued and non-glued screens on mobile devices
  • Replace modular and soldered components on mobile devices
  • Transplant circuit boards from damaged evidential exhibits into “donor” devices to facilitate data extraction
  • Explain and justify their actions in court

Who should attend?

This course is targeted at new or existing mobile device examiners. The course includes close work with small components and therefore requires good eyesight and a steady hand. Previous experience in handset disassembly and soldering would be beneficial but not essential.