The IACIS Mobile Device Forensics Training Program is a 36-hour course of instruction offered over five (5) consecutive days. This program will expand the students’ existing mobile forensic knowledge and skillset. It is designed to provide students with intermediate to advanced skills needed to detect, decode, decrypt, and analyze evidence recovered from mobile devices during mobile device investigations. Using instructor-led exercises and hands-on practicals students will learn the necessary skills to go behind the automation processes of popular mobile forensic tools and will have gained the competency to apply these skills during an investigation to reveal the sources of cell phone data used to store evidence. Upon the completion of the course, students will be confident in knowing they can gather and explain the data they have located during a mobile device examination.
Although the program will provide some of the skills and materials needed to prepare for their ICMDE certification, this specific training program is NOT designed as a class specific to the certification. Students who have the desire to take the ICMDE will need to complete additional reading and study of the provided materials, as well as the recommended study material, to obtain a deeper understanding needed for preparing to take the ICMDE.
Topics include but are not limited to:
- Best practices in handling and securing mobile devices.
- Understanding valuable artifacts within both iOS and Android file systems that are sometimes overlooked in mobile device investigations.
- Utilize both commercial and open-source tools to have better insights into valuable artifacts.
- Students will learn the different types of acquisitions available and techniques to obtain the most relevant data.
- There is some usage of command line to conduct the practicals. The commands are explained in detail; however, some students may find previous command line experience helpful.
- Students will learn through hands-on exercises how the file systems are laid out in both iOS and Android, allowing them to find various unparsed data and be able to interpret it. This knowledge will carry over to new releases of the operating systems, ensuring students can continue to stay current.
- Validating data obtained from forensic tools, including data that tools miss.
- Students will learn advanced third-party application analysis to interpret, recognize, and decode artifacts stored by these applications.
- Viewing and interpreting iOS files such as plists to obtain valuable evidence.
- Students will understand ADB in Android devices for those times when a commercial tool is unable to.
- Students will learn about using Python scripts and how to use them to enhance the data they can obtain during their examinations, including manual application use of the queries.
- Understand how SQLite databases function and how the data is stored, including how to use simple queries to manually parse the data.
WHEN: January 12 – 16, 2026. This class will finish at midday on Friday.
COST: $2,695.00 US Dollars
EQUIPMENT: Classroom laptops will be given to the students to take home and keep.
REGISTRATION: Click HERE for information about registration and hotel accommodations
