The "Cybercop (CC) 350 - Mobile Device Forensic Analysis" (MDFA) course provides the fundamental knowledge and skills necessary to preserve, acquire, and analyze data on iOS devices (iPod Touch, iPhone, and iPad), as well as various Android devices. Students use forensically sound tools and techniques to acquire and analyze potential evidence. Topics include identifying potential threats to data stored on devices, available imaging options, accessing locked devices, and the default folder structure. The forensic artifacts covered include device information, call history, voicemail, messages, web browser history, contacts, and photos.
Course structure:
- Mobile Device Repair. Learn troubleshooting, teardown, and repair procedures for commonly encountered issues, such as dead batteries, broken screens, water damage, etc.
- Device handling. Understand how to properly preserve data for imaging and analysis, as well as identify potential threats to data and other locations for potential evidence.
- Device imaging. Learn about imaging options (physical, logical, device backups), bypassing passcodes, and encrypted backups.
- Processing basics. Explore mounting images, partitioning scheme and default folder structure, and types of artifacts (plists, sqlite databases, etc.).
- Application artifacts. Analyze and interpret device information, call history, voicemail, messages, web browser history, contacts, photos, and more.
MDFA is a four-day classroom course.
Prerequisite: CC 201 – Digital Evidence Examination and Processing classroom course.
| Amount | Description |
|---|---|
$0.00 | Free to Law Enforcement |