This course provides the advanced skills
and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and
iPad) and Android devices at an advanced level. Students use forensically-sound
tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed
or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored
on devices, available acquisition options, accessing locked devices, and the
default folder structure. Core skills include analyzing artifacts such as
device information, call history, voicemail, messages, web browser history, contacts, and
photos. Instruction is provided on developing the "hunt" methodology
for analyzing third party applications not supported by commercial
device hardware fundamentals.
How mobile devices work, store data, and interact with
a variety of networks.
Properly preserving data for imaging and analysis. Identifying potential
threats to data integrity.
acquisition and security. Acquisition options (physical, logical,
device backups). Bypassing passcodes
and properly defeating encrypted backups of iOS
Advanced analysis techniques. Mounting images,
partitioning scheme and default folder structure, types of artifacts (plists,
SQLite databases, etc.).
This is an
advanced course, intended for experienced digital forensic examiners with a
solid understanding of digital forensic principles and mobile device analysis
NW3C recommends that students complete the following courses before
registering for Advanced Digital Forensic Analysis: iOS &
All classes are subject to
cancellation up to 45 days before the start of class if the minimum class
registration threshold is not met.