CAST 612 – Advanced Mobile Forensics and Security

Overview:

The field of Digital Mobile Forensics is rapidly evolving and becoming increasingly lucrative, reflecting the exponential growth of the mobile phone industry. Experts predict that mobile phones may even surpass computers for basic tasks like sending and receiving emails. As mobile devices proliferate, the scope and significance of mobile forensics expand: an investigation that does not thoroughly examine these devices is incomplete. The growing importance of mobile forensics has opened new career opportunities in corporate, law enforcement, and military settings. Each mobile device is unique, requiring specialized expertise for effective forensics.

This course is meticulously designed to meet the needs of today’s Mobile Forensics practitioners, focusing on advanced topics such as manual acquisition (physical vs. logical), advanced analysis through reverse engineering, and understanding how popular mobile OSs defend against common attacks and exploits.

CAST On-site offers personalized Advanced Security Courses tailored to individual or corporate needs, ensuring maximum flexibility in logistics, dates, and costs. Our certified expert trainers are experienced educators with extensive knowledge in their fields. We uphold strict quality control to deliver the highest training and service standards. CAST On-Site training significantly enhances workforce efficiency, ensuring improved productivity that far exceeds the initial training investment.

Objectives

Upon completing this course, participants will be able to:

  • Stay updated with the latest technologies used by leading professionals in the field.
  • Protect their organization by retrieving stolen data and incriminating evidence from communication devices used by rogue employees.
  • Influence the outcomes of civil cases, private litigation, and criminal cases by providing crucial evidence from mobile devices.
  • Refine current mobile forensic processes, addressing unique challenges in preserving crucial data and producing valid results.
  • Conduct proper and regular IT audits on mobile devices to prevent misuse of company information.

Duration:

3 days

Intended Audience:

  • Risk Assessment Professionals
  • Digital Forensics Investigators
  • Information Security Professionals
  • Mobile Developers
  • Penetration Testers (CEH Professionals)
  • Law Enforcement Officers and Government Agencies
  • Attorneys, Paralegals, and First Responders
  • Accountants and Financial Personnel
  • Anyone involved in the implementation, testing, and security hardening of mobile devices

Course Outline:

Module 01: Mobile Forensic Challenges

  • Overview of Digital Forensics
  • When is Computer Forensics Required?
  • Case Studies: Insider Attack (WikiLeaks), External Attacks (Credit Card Theft, T.J. Maxx)
  • Understanding and Characteristics of Digital Evidence
  • SWGDE Standards for Digital Evidence
  • Computer Forensics Investigation Process
  • Differences Between Mobile and Computer Forensics
  • Historical and Future Trends in Mobile Forensics
  • Role of Mobile Forensics in IT Security
  • News Highlights: Mobile Forensics Units and Cases
  • Challenges in Digital Forensics: Criminal vs. Civil Cases

Module 02: Mobile Forensics Process

  • Why the Mobile Forensics Process is Essential
  • Pre-Investigation Steps: Building a Forensics Workstation, Team, and Toolkit
  • Mobile Forensics Investigation Process: Search Warrants, Evidence Preservation, Scene Documentation, Evidence Collection, Signal Containment, Transporting and Storing Evidence, Chain of Custody, Evidence Acquisition, Examination, and Analysis
  • Challenges in the Mobile Forensics Process: Procedural, Acquisition, and Integrity
  • Mobile Phone Anti-Forensics Activities
  • Common Mistakes in Warrants, Affidavits, and the Forensics Process

Module 03: Mobile Hardware Design and Architectures

  • Components of Mobile Device Hardware
  • Hardware Designs for Samsung, Android, Windows Phone, and iOS Devices
  • Mobile Hardware Toolkit

Module 04: Mobile OS Architecture, Boot Process, and File Systems

  • Mobile Storage and Forensics
  • OS Architectures for Android, Windows Phone, and iOS
  • File Systems and Boot Processes for Mobile Devices

Module 05: Mobile Threats and Security

  • Evolution and Types of Mobile Threats
  • OWASP Mobile Top 10 Risks
  • Mobile Hacking Toolkits and Platform Security
  • Jailbreaking/Rooting and its Implications
  • Mobile Device Security Guidelines
  • Mobile Enterprise Security and BYOD Risks

Module 06: Mobile Evidence Acquisition and Analysis

  • Methods of Data Acquisition: Manual, Logical, Physical, JTAG, Chip-off, File System
  • Tools for Mobile Forensics Analysis
  • SIM Card Forensics
  • Cell Site Analysis

Module 07: Mobile Application Reverse Engineering

  • Importance and Applications of Reverse Engineering
  • Skills Required and Mobile Packages (APK, IPA)
  • Tools and Techniques for Android and iOS Reverse Engineering

Module 08: Mobile Forensics Reporting and Expert Testimony

  • Forensics Reporting and Documentation
  • Court Submission Guidelines
  • Preparing for Testimony
  • Sample Reports and Forms

Labs

Day 1:

  • Modules 1 to 5
  • Lab: Rooting an Android Device Using Kingo ROOT
  • Lab: Advanced Hacking and Spying on a Mobile Device Using AndroRAT

Day 2:

  • Module 6
  • Labs: Rooting, Bypassing Lock Screens, Filesystem Acquisition, Logical Data Extraction, Forensic Imaging, and File Carving

Day 3:

  • Modules 7 and 8
  • Labs: Extracting and Analyzing Databases, Conducting Mobile Malware Analysis

This comprehensive course equips participants with the necessary skills and knowledge to excel in the rapidly evolving field of mobile forensics, ensuring they can effectively address the challenges and opportunities in this critical domain.