5-day Essential Smartphone Forensics

TeelTech New 5-day Essential Smartphone Forensics training is designed for Digital Forensic Investigators who have had some introduction to mobile forensics and would like to delve deeper OR anyone who’s encountered a situation where the tools they use are not getting them the data they need.

This class is designed to provide an in-depth practical understanding of mobile device capabilities and components, as well as their file system and native application artifacts. Students will learn some simple repair techniques and utilize open-source tools to extract data from smartphones via hands-on exercises. Students will also learn techniques and strategies for using open-source tools to supplement and corroborate the results obtained with their mobile forensics tool(s) of choice.

From evidence handling to testimony preparation, this class aims to give examiners the knowledge and skills they need to perform detailed forensic analyses and testify with confidence to their results.

 

In this course you’ll learn about:

  • Device Hardware/Firmware/Software
  • Extraction Types
  • Simple Repairs (screen replacements, cable-connected components)
  • Android and iOS Structures and Artifacts
  • Forensic Tools and Open-Source Tools
  • Application and Malware Analysis, Including App Emulation
  • Using Python and SQLite with Forensic Tools
  • Data Verification Considerations and Methods
  • Courtroom Testimony
smart-phone-forensics

Course Outline

Day 1
  • Device Types and Capabilities
  • Evidence Handling Considerations
  • Signal Blocking
  • Device Components
  • Tear-down hands-on exercises
  • Non-solder repairs
    • Screen replacement
    • Cable-connected components (buttons, etc)
Day 2
  • OS Overview
    • Android
    • iOS
  • Extraction Types (review)
    • Logical
    • File System/Backup
    • Physical
  • Hardware/Firmware Basics
    • How to ID CPU, memory chip, etc.
    • How to ID firmware/OS version info
  • Extraction Considerations
    • Hardware/Firmware issues
    • OS-specific features
  • Advanced Android extractions
    • ADB/Command-line
    • ODIN/Custom Recovery
    • EDL
Day 3

Artifacts and OS Structures – what is stored on the device and how can it be recovered?

  • Android
    • Stock app data
    • 3rd-party app data
    • Cloud considerations
  • iOS
    • Stock app data
    • 3rd-party app data
    • Cloud considerations

Intro to SQLite

Hands-on exercises with test device data

    • Android
    • iOS
    • Cloud data
Day 4

Advanced Analysis (practical concepts and exercises)

  • SQLite
  • Python
  • Hash sets
  • App emulators
  • Mobile device malware
    • Resources
    • Analysis strategies
Day 5
  • Data verification
  • Overview
  • Methods
  • Resources
  • Practical exercise
    • Preparation/Presentation of results
    • Trial prep considerations
    • Moot court practice

Laptop Minimum Requirements

We encourage students to bring their own laptops whenever possible. If this is not possible, please contact us in order to find a solution. If you do plan on bringing your own laptop, please ensure the meet the following requirements.

Laptop Minimum Requirements

  • Windows 7
  • Windows 8.x and 10.x using these instructions (turn off driver sig enforcement)
  • macOS with Bootcamp Windows 7
  • macOS with Bootcamp Windows 8.x and Win 10.x using these instructions
  • macOS alone will not work (No Virtual Machines)
  • 8GB RAM (minimum)
  • 100GB storage (minimum)
  • You must have Admin rights or have the admin password for software installation.
  • NOTE: ALL Windows updates should be done prior to class

 

 

Registration

Description TeelTech Essential Smartphone Forensics
Date 13.01.2020 – 17.01.2020
01.06.2020 – 05.06.2020
Place Zürich (Uster)
Duration 5 days
Language English
Min. Participants 6
Max. Participants 12
Price CHF 2’950.00 excl. VAT

Important Information! Classes are not confirmed until 30 days prior to course start. Please do not consider an acknowledgement letter or invoice as confirmation that a class will definitely run. Please feel free to contact us to before making travel arrangements, to confirm the class is going forward. A confirmation notice will be issued when a class is confirmed, or a cancellation notice if it will not be held.

Select Training Date
13.01.2020 – 17.01.202001.06.2020 – 05.06.2020

Overview Mobile Forensics Training

 

Description Date Place Registration
Essential Smartphone Forensics 13.01.2020 – 17.01.2020 Zürich (Uster), Switzerland Details
JTAG Forensic Training 20.01.2020 – 24.01.2020 Zürich (Uster), Switzerland Details
ISP Forensic Training 27.01.2020 – 31.01.2020 Zürich (Uster), Switzerland Details
Chip-Off Forensic Training 03.02.2020 – 07.02.2020 Zürich (Uster), Switzerland Details
Advanced Flasher Box Bootloader Training 10.02.2020 – 14.02.2020 Zürich (Uster), Switzerland Details
Embedded Hardware Forensic Training 17.02.2020 – 21.02.2020 Zürich (Uster), Switzerland Details
SQLite Forensics 5-Day Complete 02.03.2020 – 06.03.2020 Zürich (Uster), Switzerland Details
Advanced Flasher Box Bootloader Training (French) 27.04.2020 – 01.05.2020 Delémont, Switzerland Details
Essential Smartphone Forensics 01.06.2020 – 05.06.2020 Zürich (Uster), Switzerland Details
JTAG Forensic Training 08.06.2020 – 12.06.2020 Zürich (Uster), Switzerland Details
ISP Forensic Training 15.06.2020 – 19.06.2020 Zürich (Uster), Switzerland Details
Chip-Off Forensic Training 22.06.2020 – 26.06.2020 Zürich (Uster), Switzerland Details
Advanced Flasher Box Bootloader Training 29.06.2020 – 03.07.2020 Zürich (Uster), Switzerland Details
Embedded Hardware Forensic Training 06.07.2020 – 10.07.2020 Zürich (Uster), Switzerland Details
SQLite Forensics 5-Days Complete 20.07.2020 – 24.07.2020 Zürich (Uster), Switzerland Details

Mehr über unsere Trainings erfahren?