As an investigator, it is imperative that you understand the basic technologies of mobile devices. With new devices emerging weekly this task can seem a bit overwhelming. Syntricate Mobile Device Training can show you the types of data that can be extracted and interpreted from mobile devices and the types of data service providers could be storing. Finally reviewing data can sometimes feel like reading a second language. Learning to utilize forensic review platforms and open source reporting tools will make the entire process less of a challenge.
Digital Examiners wishing to move in to the realm of mobile forensics must have a firm foundation in digital forensics. An understanding of binary and hexadecimal is not needed as our courses offer an introduction to these topics. Once that foundation is in place, the mobile examiner will learn the basics of cellular technology and data storage on mobile devices. From here they can choose various paths depending on their needs and commercial software available to them. Syntricate Mobile Device Forensics can instruct examiners on popular, commercially available software as well as open source solutions. This stage will build the foundation to creating a forensic process which is the core of Syntricate’s training principles.
As the individual examiners knowledge continues to grow conducting forensic examinations, so will the challenges they will encounter. Continued training in a must for the mobile device examiner due to the ever changing environment of the technologies. It is recommended the examiner learns more about specific operating systems modern smart devices are utilizing including; iOS, Android, and Blackberry. It is also important for the examiner to understand the current threat of malware on mobile devices and how malware is infecting Android devices.
Mobile device forensic tools offer a wide range of collection and examination options. It is fact that one forensic tool will not process every device currently on the consumer market. Syntricate’s Instructors understand and provide the advanced examiner concepts and understandings of how devices are storing data and how the data can be independently validated. This usually involves the examiner working with the data at the hexadecimal level. The examiner will learn how data is stored in SQLite databases and how smart device applications are reconstructed. This can be done a couple of ways; some forensic tools will be utilized and Python can be applied to unique situations to parse the data. Finally the examiner will learn advanced data extraction and interpretation utilizing JTAG and Chip-Off Techniques along with software that will aid them in locating and parsing the data.