Practical Mobile Forensics Course

Live On-Site / Live Virtual

HANDS-ON MOBILE SECURITY AND FORENSICS TRAINING

Dive into analyzing scenarios, conducting investigations, and effectively reporting findings, building essential skills in mobile device security, digital forensics, and incident response. Through engaging hands-on exercises, gain proficiency in handling security incidents on mobile platforms, mastering forensic methodologies, and developing a proactive approach to security challenges.

Banner for 'mobile Device Forensics' Training by 8ksec. Training on Android and Ios Device Internals and Cybercrime Investigation Techniques for Mobile Platforms.

What You Will Learn

In this course, you’ll gain a solid understanding of mobile device architecture and the file systems of iOS and Android. You’ll explore legal and ethical considerations in mobile forensics and delve into mobile device security and encryption. The curriculum includes hands-on practical labs, where you’ll use various forensic tools and techniques for data acquisition from iOS and Android devices. You’ll learn how to effectively parse and analyze mobile data, conduct mobile cloud data forensics, and address data protection and privacy issues. Additionally, the course covers the application of machine learning and artificial intelligence for analyzing large datasets, providing practical experience with industry-standard tools.

Key Objectives

  • Mobile Device Security Principles
  • Android and iOS Internals
  • Android and iOS Security Mitigations
  • Mobile Forensics Fundamentals
  • iOS Data Acquisition Techniques
  • iOS Data Analysis Tools and Methods
  • Advanced iOS Forensic Techniques
  • Android Architecture and Security Features
  • Android Data Extraction Methods
  • Android App Analysis and Reverse Engineering
  • Hands-On Practice with Practical Labs and Tools

Duration

2 Days

Ways to Learn

Who Should Attend?

This course is for penetration testers, mobile developers or anyone keen to learn mobile application security.

laptop Requirements

  • Laptop with: 8+ GB RAM and 40 GB hard disk space 
  • Students will be provided with access to Linux cloud instances
  • Students will be provided with access to Corellium for Android and iOS hands-on and as such do not need to carry physical devices
  • Administrative access on the system is required

Detailed Course Setup instructions and Slack access will be sent a few weeks prior to the class

Need To Justify To Your Manager?

Need a Template to Justify the Training Request to your Manager? Download the Template below

Syllabus

  • Overview of mobile device security principles and challenges.
  • Introduction to mobile forensics and its importance in digital investigations.
  • Evolution of mobile forensics and the new golden age for iOS forensics.
  • Understanding the iOS operating system, filesystem structure, and security mechanisms.
  • Challenges specific to iOS forensics and methods to overcome them.
  • iOS Code Signing, Encryption, and Sandboxing
  • The APFS Filesystem
  • iOS Kernel Security Measures
  • iOS daemons 
  • IPC Mechanisms in iOS
  • Intro of the WebKit framework
  • The libimobildevice framework
  • Introduction to mvt (Mobile Verification Toolkit)
  • iOS Keychain
  • Understanding acquisition methods such as logical, physical, and filesystem acquisitions.
  • Hands-on practice with tools like Cellebrite UFED, Elcomsoft iOS Forensic Toolkit, and Bootrom exploits for filesystem acquisition.
  • Performing logical and filesystem acquisitions on iOS devices.
  • Important files in an iOS device
  • Differences between encrypted and unencrypted backups
  • Working with iOS backups
  • Introduction to forensic tools like Cellebrite Physical Analyzer, Magnet AXIOM, and open-source tools like Apollo and iLEAPP.
  • Analyzing iOS artifacts such as emails, messages, call logs, location data, and media files.
  • Using custom scripts and tools for iOS data analysis and verification.
  • Exploring advanced topics in iOS forensics, including pattern-of-life forensics and connectivity data analysis.
  • Introduction to the TAXII protocol for threat intelligence sharing in the mobile environment.
  • Leveraging Custom IOCs for identifying threats specific to iOS devices.
  • Understanding Android architecture, security features, and filesystem structure.
  • Android forensic setup, pre-data extraction techniques, and data acquisition methods.
  • Analyzing Android apps, malware, and reverse engineering techniques
  • Andorid permission model, SELinux, Sandboxing
  • IPC mechanisms in Android
  • The Android Keystore
  • Setting up a forensic environment for Android analysis and data extraction.
  • Installing necessary software, Android platform tools, and creating virtual Android devices.
  • Exploring various data extraction techniques including manual extraction, logical extraction, ADB pull extraction, and physical extraction.
  • Hands-on practice with tools like SQLite Browser, ADB backup extraction, and Autopsy for analyzing and recovering Android data.
  • Analyzing widely used Android apps such as Facebook, WhatsApp and Google Chrome for retrieving data.
  • Techniques for reverse engineering Android applications including extracting APK files, reverse engineering steps, and identifying Android malware.
  • Understanding types of Android malware, how they spread, and techniques for malware detection and analysis.
  • Introduction to the Mobile Verification Toolkit (MVT) for mobile app verification and security assessment.
  • Using MVT for analyzing mobile apps, identifying vulnerabilities, and performing security assessments.
  • Hands-on practice with MVT tools and techniques for mobile security assessment.
  • Engaging in practical labs and case studies to apply learned concepts and techniques.
  • Analyzing real-world scenarios, conducting investigations, and reporting findings.
  • Developing skills in mobile device security, forensics, and incident response through hands-on exercises.

Prerequisites

To successfully participate in this course, attendees should possess the following:

  • Working knowledge of cybersecurity and pentesting fundamentals
  • Basic working knowledge of iOS and Android platforms
  • Basic Linux skills and command-line proficiency
  • Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, Objective-C, Swift, C, C++, or similar)
  • Working knowledge of Forensic acquisition skills is recommended, but not required

TRUSTED TRAINING PROVIDERS

Our trainers boast more than ten years of experience delivering diverse training sessions at conferences such as Blackhat, HITB, Power of Community, Zer0con, OWASP Appsec, and more.

Hear from our Students

Our Students are our greatest voice, just read what they have to say!

Take Your Skills To The Next Level

OUR MODES OF TRAINING

LIVE VIRTUAL

GET IN TOUCH FOR PRICING

Perfect for Teams in Multiple Location
 
  • Real-time interaction with our expert trainers over Zoom
  • Customizable content tailored to your team’s needs
  • Continued support after the training

LIVE ON-SITE

GET IN TOUCH FOR PRICING

Perfect for Teams in One Location
 
  • Real-time interaction with our expert trainers at an onsite location
  • Customizable content tailored to your team’s needs
  • Continued support after the training

FAQ

Our Live Virtual and On-Site sessions replicate the interactive classroom experience, fostering real-time collaboration and engagement among participants.

While prior experience is helpful, the course is designed to accommodate various skill levels. It provides a structured learning path, starting from foundational concepts and progressing to advanced techniques.

No, the training that you purchase from 8kSec, including the course materials is exclusively for your individual use. You may not reproduce, distribute or display (post/upload) lecture notes, or recordings, or course materials in any other way — whether or not a fee is charged – without the express written consent of 8kSec.

For On-Site/Virtual Courses during private trainings/conferences, we provide a customized certificate after the completion of the course. Please note that the Certificate of Course Completion is different from the one obtained after clearning the Certification exam.

For Virtual/Live Trainings, we will provide you access to our Lab environment and an instruction guide during the training.

You can find our Training Schedule at https://8ksec.io/public-training/. To schedule a Live Virtual or Live On-site private training for a group of 5+ attendees, email trainings@8ksec.io and our logistics team will get in touch with you to organize one.

The information on this page is subject to change without notice.

CONTACT US

Please share with us the project requirements and the goals you want to achieve,  and one of our sales representatives will contact you within one business day.

Our Location

51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148

General and Business inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io

Press

press@8ksec.io

Phone

+1(347)-4772-006

SEND ENQUIRY