Practical Mobile Forensics
Live On-Site / Live Virtual
Master Mobile Digital Forensics
Gain comprehensive expertise in mobile forensics analysis. Learn evidence acquisition techniques, filesystem analysis, data recovery, and forensic reporting for both iOS and Android devices.
What You Will Learn
This course provides a solid foundation in mobile device forensics, covering both iOS and Android platforms. You will learn proper evidence handling procedures, chain of custody requirements, and the legal considerations that govern mobile forensic investigations. The curriculum includes hands-on practice with industry-standard forensic tools and acquisition methods.
For iOS forensics, you will master filesystem analysis, backup extraction techniques, keychain analysis, SQLite database examination, plist file parsing, and application data recovery. You will work with tools such as Cellebrite, Elcomsoft, and open-source alternatives like iLEAPP and the Mobile Verification Toolkit (MVT).
On the Android side, you will learn partition layouts, data extraction methods, application database analysis, messaging app forensics, media recovery, and cloud artifact examination. The course concludes with advanced techniques including timeline reconstruction, geolocation analysis, network artifact recovery, deleted data recovery, and forensic report writing for court presentation.
Key Objectives
- ✓Understand evidence handling, chain of custody, and legal considerations
- ✓Master forensic imaging and acquisition methods (logical, physical, filesystem)
- ✓Analyze iOS filesystem structure, APFS, and security mechanisms
- ✓Extract and examine iOS backups, keychain data, and SQLite databases
- ✓Recover application data and media files from iOS devices
- ✓Analyze Android partition layouts and extract data using ADB
- ✓Perform messaging app forensics and cloud artifact analysis
- ✓Reconstruct timelines and analyze geolocation data
- ✓Recover deleted data and handle encrypted content
- ✓Use MVT, iLEAPP, and other forensic tools effectively
- ✓Write forensic reports suitable for court presentation
All our live trainings are highly customizable. We can tailor the content to cover topics specific to your team's needs. Contact us for more details.
Syllabus
Module 1: Forensics Fundamentals +
- •Evidence handling and chain of custody procedures
- •Acquisition methods: logical, physical, and filesystem
- •Legal considerations and admissibility requirements
- •Forensic imaging best practices
- •Mobile device security principles and challenges
- •Setting up the forensic analysis environment
Module 2: iOS Forensics +
- •iOS filesystem structure and APFS
- •Backup extraction (encrypted and unencrypted)
- •Keychain analysis and credential recovery
- •SQLite database examination
- •Plist file parsing and analysis
- •Application data recovery and artifact extraction
- •Using iLEAPP, Apollo, and libimobiledevice
- •Introduction to MVT (Mobile Verification Toolkit)
Module 3: Android Forensics +
- •Android partition layout and filesystem structure
- •Data extraction techniques (ADB, logical, physical)
- •Application database analysis
- •Messaging app forensics (WhatsApp, Telegram, Signal)
- •Media recovery and metadata extraction
- •Cloud artifact analysis
- •Android Keystore and security feature analysis
Module 4: Advanced Analysis +
- •Timeline reconstruction and event correlation
- •Geolocation analysis and movement tracking
- •Network artifact recovery and analysis
- •Deleted data recovery techniques
- •Handling encrypted data and locked devices
- •Pattern-of-life forensics and connectivity data
- •Custom IOCs for mobile threat detection
Module 5: Reporting & Tools +
- •Forensic report writing and structure
- •Tool comparison: commercial vs open-source
- •Court presentation and expert testimony preparation
- •Automated analysis workflows and scripting
- •Practical case studies and investigation scenarios
Prerequisites
To successfully participate in this course, attendees should possess the following:
- • Working knowledge of cybersecurity fundamentals
- • Basic familiarity with iOS and Android platforms
- • Basic command-line proficiency
- • Understanding of forensic concepts helpful but not required
Duration
2 Days
Ways To Learn
- Live Virtual
- Live On-Site
Who Should Attend?
Digital forensics analysts, incident responders, law enforcement, and security professionals involved in mobile evidence handling.
Laptop Requirements
- • Laptop with 8+ GB RAM and 40 GB hard disk space
- • Students will be provided with access to cloud lab instances
- • Administrative access on the system
- • Detailed setup instructions sent before the course
Trusted Training Providers
Our trainers boast more than ten years of experience delivering diverse training sessions at conferences such as Blackhat, HITB, Power of Community, Zer0con, OWASP Appsec, and more.
Take Your Skills To The Next Level
Our Modes Of Training
Live Virtual
Get in touch for pricing
Perfect for Teams in Multiple Locations
- Real-time interaction with expert trainers via Zoom
- Customizable content for your team
- Continued support after training
- Certificate of completion
Live On-Site
Get in touch for pricing
Perfect for Teams in One Location
- Real-time interaction at your onsite location
- Customizable content for your team
- Continued support after training
- Certificate of completion
FAQ
The information on this page is subject to change without notice.
Contact Us
Have a question or want to learn more about this training? Get in touch with us.
Our Location
51 Pleasant St # 843, Malden, MA, US, 02148
General Inquiries
contact@8ksec.io
Trainings
training@8ksec.io