This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, using available acquisition options, accessing locked devices, and understanding the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the "hunt" methodology for analyzing third-party applications not supported by commercial forensic tools.
- Mobile device hardware fundamentals. Understand how mobile devices work, store data, and interact with a variety of networks.
- Device handling. Learn about properly preserving data for imaging and analysis, as well as identifying potential threats to data integrity.
- Device acquisition and security. Understand acquisition options (physical, logical, device backups) and how to bypass passcodes and properly defeat encrypted backups of iOS devices.
- Advanced analysis techniques. Learn about mounting images, partitioning scheme and default folder structure, and types of artifacts (plists, SQLite databases, etc.).