Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

OpenText EnCase Mobile Device Examinations

( Duration: 2 Days )

In OpenText EnCase Mobile Device Examinations training course, you will learn to analyze smartphones and mobile devices for evidence for criminal and corporate investigations. This course will provide instruction related to the acquisition of mobile devices using EnCase Forensic followed by the examination via the use of EnCase Mobile Investigator (as well as EnCase Forensic). The course will detail performing acquisitions from both a handset and a device backup followed by examination of devices running the mobile operating systems Android and Apple iOS.

By attending OpenText EnCase Mobile Device Examinations workshop, delegates will learn:

  • The history of Android and Apple iOS mobile operating systems
  • How to prepare for and conduct an acquisition of an Android device
  • How to conduct an acquisition of an Android Samsung S5/S6 device via the android bootloader
  • How to conduct an acquisition of an Apple iOS device
  • How to conduct an acquisition of Apple iOS backup (including an encrypted backup)
  • How to examine the Android system, user, application, and Internet artifacts
  • How to examine the Apple iOS system, user, application, and Internet artifacts
  • How to conduct an examination of still and moving image file formats
  • Understanding the structure of file types and data structures, including (but not limited) to support mobile device applications and system artifacts:
    • SQLite databases
    • Apple property lists (pLists)
    • EXIF

  • Knowledge of basic computer forensics will be helpful
The OpenText EnCase Mobile Device Examinations class is ideal for:
  • Digital Forensic Investigators, including Law Enforcement, Government, Military, Corporate, IT Security & Litigation Support Professionals.

COURSE AGENDA

1

Day 1

  • Learn how mobile devices have become part of many digital investigations
  • Install OpenText EnCase Forensic and EnCase Mobile Investigator and apply global configurations
  • Use EnScript plugins to adapt the EnCase environment for an examination of mobile devices
  • Create and add evidence to a case within EnCase Mobile Investigator
  • Identify the structures within mobile devices, including Apple PList, SQLite and EXIF
  • Identify the various types of mobile acquisition
  • Acquire from a device and implement troubleshooting techniques if necessary
  • Identify the available file types and import their content
  • Acquire from cloud servicesReview acquired evidence
  • Identify methods for iOS device acquisition, even when passcode protected
  • Perform a logical acquisition of an iOS device
  • Identify the difference between an iOS9 and iOS10/11 iTunes backup
  • Discuss the encoding methods of Apple filenames in the backup
  • Identify the key components of an iTunes iOS backup
  • Acquire an iTunes backup using EnCase
  • Learn the history behind the creation of Android devices
  • Learn the options for acquiring data from Android devices and use EnCase to conduct an acquisition
2

Day 2

  • Perform an index search across mobile evidence within EnCase Forensic
  • Discuss the process of Optical Character Recognition relating to the use of EnCase Mobile Investigator
  • Perform and review the results from a raw search with EnCase Mobile Investigator, discussing the associated options
  • Process the evidence loaded into EnCase Mobile Investigator
  • Perform an index search and review the results using EnCase Mobile Investigator
  • Perform a Categorized Items search applying relevant filtering within EnCase Mobile Investigator
  • Navigate the pathways to key artifacts within Android evidence from both a logical and physical acquisition using EnCase Forensic and EnCase Mobile Investigator
  • Extract SQLite DB files for viewing and analysis with SQLite Viewer
  • Use relevant EnScript programs for viewing and parsing
  • Receive an explanation of the artifact paths with potential evidentiary value
  • Discuss the core artifacts of Apple iOS, such as call history and contacts
  • Receive an explanation of the function of SMS/imessage and link to attachments
  • Locate and understand where digital photographs are stored
  • View the EXIF data with EnScript and EnCase Mobile Investigator
  • Receive an explanation of applications' aspects in terms of where the data can be identified, relating to the acquisition from an iOS device and iTunes backup
  • Use application artifacts to parse those for Safari
  • Verify relevant parsed content with the use of SQLite queries
  • Examine unsupported applications via the construction of SQLite queries and SQLite viewers
  • Bookmark various data types
  • Generate various reporting types
  • Understand reporting navigation options
  • Create reports for both logical and physical acquisitions

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.

Top
Notice
X