Practical Mobile Forensics Course

Live On-Site / Live Virtual

HANDS-ON MOBILE SECURITY AND FORENSICS TRAINING

Dive into analyzing scenarios, conducting investigations, and effectively reporting findings, building essential skills in mobile device security, digital forensics, and incident response. Through engaging hands-on exercises, gain proficiency in handling security incidents on mobile platforms, mastering forensic methodologies, and developing a proactive approach to security challenges.

What You Will Learn

In this course, you’ll gain a solid understanding of mobile device architecture and the file systems of iOS and Android. You’ll explore legal and ethical considerations in mobile forensics and delve into mobile device security and encryption. The curriculum includes hands-on practical labs, where you’ll use various forensic tools and techniques for data acquisition from iOS and Android devices. You’ll learn how to effectively parse and analyze mobile data, conduct mobile cloud data forensics, and address data protection and privacy issues. Additionally, the course covers the application of machine learning and artificial intelligence for analyzing large datasets, providing practical experience with industry-standard tools.

Key Objectives

Mobile Device Security Principles
Android and iOS Internals
Android and iOS Security Mitigations
Mobile Forensics Fundamentals
iOS Data Acquisition Techniques
iOS Data Analysis Tools and Methods
Advanced iOS Forensic Techniques
Android Architecture and Security Features
Android Data Extraction Methods
Android App Analysis and Reverse Engineering
Hands-On Practice with Practical Labs and Tools

Duration

2 Days

Ways to Learn

Live Virtual

Live On-Site

Who Should Attend?

This course is for penetration testers, mobile developers or anyone keen to learn mobile application security.

laptop Requirements

Laptop with: 8+ GB RAM and 40 GB hard disk space
Students will be provided with access to Linux cloud instances
Students will be provided with access to Corellium for Android and iOS hands-on and as such do not need to carry physical devices
Administrative access on the system is required

Detailed Course Setup instructions and Slack access will be sent a few weeks prior to the class

Need To Justify To Your Manager?

Need a Template to Justify the Training Request to your Manager? Download the Template below

Syllabus

Module 1: Introduction to Mobile Device Security

Overview of mobile device security principles and challenges.
Introduction to mobile forensics and its importance in digital investigations.

Module 2: iOS Forensics Fundamentals

Evolution of mobile forensics and the new golden age for iOS forensics.
Understanding the iOS operating system, filesystem structure, and security mechanisms.
Challenges specific to iOS forensics and methods to overcome them.
iOS Code Signing, Encryption, and Sandboxing
The APFS Filesystem
iOS Kernel Security Measures
iOS daemons
IPC Mechanisms in iOS
Intro of the WebKit framework
The libimobildevice framework
Introduction to mvt (Mobile Verification Toolkit)
iOS Keychain

Module 3: Data Acquisition from iOS Devices

Understanding acquisition methods such as logical, physical, and filesystem acquisitions.
Hands-on practice with tools like Cellebrite UFED, Elcomsoft iOS Forensic Toolkit, and Bootrom exploits for filesystem acquisition.
Performing logical and filesystem acquisitions on iOS devices.
Important files in an iOS device

Module 4: iOS Data Analysis and Tools

Differences between encrypted and unencrypted backups
Working with iOS backups
Introduction to forensic tools like Cellebrite Physical Analyzer, Magnet AXIOM, and open-source tools like Apollo and iLEAPP.
Analyzing iOS artifacts such as emails, messages, call logs, location data, and media files.
Using custom scripts and tools for iOS data analysis and verification.

Module 5: Advanced iOS Forensic Techniques

Exploring advanced topics in iOS forensics, including pattern-of-life forensics and connectivity data analysis.
Introduction to the TAXII protocol for threat intelligence sharing in the mobile environment.
Leveraging Custom IOCs for identifying threats specific to iOS devices.

Module 6: Android Forensics and Security

Understanding Android architecture, security features, and filesystem structure.
Android forensic setup, pre-data extraction techniques, and data acquisition methods.
Analyzing Android apps, malware, and reverse engineering techniques
Andorid permission model, SELinux, Sandboxing
IPC mechanisms in Android
The Android Keystore

Module 7: Android Forensic Setup and Data Extraction Techniques

Setting up a forensic environment for Android analysis and data extraction.
Installing necessary software, Android platform tools, and creating virtual Android devices.
Exploring various data extraction techniques including manual extraction, logical extraction, ADB pull extraction, and physical extraction.
Hands-on practice with tools like SQLite Browser, ADB backup extraction, and Autopsy for analyzing and recovering Android data.

Module 8: Android App Analysis and Malware Detection

Analyzing widely used Android apps such as Facebook, WhatsApp and Google Chrome for retrieving data.
Techniques for reverse engineering Android applications including extracting APK files, reverse engineering steps, and identifying Android malware.
Understanding types of Android malware, how they spread, and techniques for malware detection and analysis.

Module 9: Mobile Verification and Security Assessment

Introduction to the Mobile Verification Toolkit (MVT) for mobile app verification and security assessment.
Using MVT for analyzing mobile apps, identifying vulnerabilities, and performing security assessments.
Hands-on practice with MVT tools and techniques for mobile security assessment.

Module 10: Practical Labs and Case Studies

Engaging in practical labs and case studies to apply learned concepts and techniques.
Analyzing real-world scenarios, conducting investigations, and reporting findings.
Developing skills in mobile device security, forensics, and incident response through hands-on exercises.

Prerequisites

To successfully participate in this course, attendees should possess the following:

Working knowledge of cybersecurity and pentesting fundamentals
Basic working knowledge of iOS and Android platforms
Basic Linux skills and command-line proficiency
Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, Objective-C, Swift, C, C++, or similar)
Working knowledge of Forensic acquisition skills is recommended, but not required

TRUSTED TRAINING PROVIDERS

Our trainers boast more than ten years of experience delivering diverse training sessions at conferences such as Blackhat, HITB, Power of Community, Zer0con, OWASP Appsec, and more.

Interactive discussion in a mobile security training session at BlackHat

Trainer engaging with attendees in a mobile security training.

Participants in a mobile security training session watching a presentation.

Classroom setup during a mobile security training session.

Participants taking notes during a mobile security training session.

Group interaction in a mobile security training session.

Trainer presenting on mobile security to a group using a projector.

Participants viewing a slide presentation on mobile security.

Training session with participants using laptops in a mobile security course.

Wide view of a mobile security training session with attendees.

Participants listening during a mobile security training session.

Close-up of participants at a mobile security training session.

Trainer presenting to participants in a mobile security training session.

Hear from our Students

Our Students are our greatest voice, just read what they have to say!

OUR MODES OF TRAINING

Perfect for Teams in Multiple Location

Real-time interaction with our expert trainers over Zoom
Customizable content tailored to your team’s needs
Continued support after the training

Perfect for Teams in One Location

Real-time interaction with our expert trainers at an onsite location
Customizable content tailored to your team’s needs
Continued support after the training

FAQ

What are the different formats in which the courses are offered?

Our Live Virtual and On-Site sessions replicate the interactive classroom experience, fostering real-time collaboration and engagement among participants.

Is prior experience in mobile security necessary to enroll in the training program?

While prior experience is helpful, the course is designed to accommodate various skill levels. It provides a structured learning path, starting from foundational concepts and progressing to advanced techniques.

Can i share the purchased course material with other people?

No, the training that you purchase from 8kSec, including the course materials is exclusively for your individual use. You may not reproduce, distribute or display (post/upload) lecture notes, or recordings, or course materials in any other way — whether or not a fee is charged – without the express written consent of 8kSec.

Where can i find the Certificate of Course Completion?

For On-Site/Virtual Courses during private trainings/conferences, we provide a customized certificate after the completion of the course. Please note that the Certificate of Course Completion is different from the one obtained after clearning the Certification exam.

Do i need to setup any Labs in order to perform the Labs in the training?

For Virtual/Live Trainings, we will provide you access to our Lab environment and an instruction guide during the training.

Where can i find the schedule of your Virtual/Live Training classes?

You can find our Training Schedule at https://8ksec.io/public-training/. To schedule a Live Virtual or Live On-site private training for a group of 5+ attendees, email trainings@8ksec.io and our logistics team will get in touch with you to organize one.

The information on this page is subject to change without notice.

CONTACT US

Please share with us the project requirements and the goals you want to achieve, and one of our sales representatives will contact you within one business day.

Our Location

51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148

General and Business inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io

Press

press@8ksec.io

Phone

+1(347)-4772-006

SEND ENQUIRY

Get the latest news & updates

Penetration
Testing

Cybersecurity Consulting

Security
Compliance

SSDLC