Advanced Mobile Device Acquisition
This course equips digital forensics professionals with the skills, utilities, and methods necessary to acquire data from devices which may otherwise be inaccessible. Students learn the advanced acquisition hierarchy and when to elevate the method of acquisition—from advanced custom recovery usage to bypass passcodes, to device encryption and other security measures, and ultimately to the acquisition of a physical forensic backup of the device. Hands-on instruction and practice includes the JTAG (Joint Test Action Group) acquisition method, and both cold and hot device ISP (In Systems Programming) acquisition techniques. Students utilize JTAG boxes to the fullest extent, including "flashing" capabilities. Finally, students perform thermal kinetic chip off extractions, with a capstone analysis block on proper methods for analyzing acquired data.


Course Topics Include

Advanced mobile forensics acquisition fundamentals and acquisition hierarchy.
Define the advanced acquisition work flow and matrix of elevation between methods of acquisition.

Custom recovery images.
Appropriate methods and usage situations for custom recovery techniques methods of data acquisition. Additionally, methods and techniques utilizing flasher boxes for data acquisition.

JTAG (Joint Test Action Group) techniques.
Utilize best practices for locating necessary “Taps” and performing acquisitions utilizing the JTAG method.

ISP (In Systems Programming) techniques.
The ISP method of device interaction and extraction, including methods leveraging techniques to defeat chip encryption.

Thermal kinetic chip-off.
Define best practices and procedures for performing chip-off extractions leveraging the thermal kinetic method.

Advanced acquisition analysis.
Advanced techniques to exam the data acquisitions performed.