Computer and Mobile Forensics Training

Take your system-based forensic knowledge onto the wire. Incorporate network evidence into your investigations, provide better findings, and get the job done faster with this Computer and Mobile Forensics Training.

Forensic casework that does not include a network component is a rarity in today’s environment. Performing disk forensics will always be a critical and foundational skill for this career, but overlooking the network component of today’s computing architecture is akin to ignoring security camera footage of a crime as it was committed. Whether you handle an intrusion incident, data theft case, or employee misuse scenario, the network often has an unparalleled view of the incident. Its evidence can provide the proof necessary to show intent, or even definitively prove that a crime actually occurred.

Computer crime is here to stay. Computer Forensics Specialists are needed by today’s companies to determine the root cause of a hacker attack, collect evidence legally admissible in court, and protect corporate assets and reputation. The best way to become a forensics expert is to attend a training session with a computer forensics training expert.

Rockets and MissilesDuration: 7 days

  • We can adapt this Computer and Mobile Forensics Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Computer and Mobile Forensics Training course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Computer and Mobile Forensics Training Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Computer and Mobile Forensics Training course in manner understandable to lay audiences.

The target audience for this Computer and Mobile Forensics Training course:

  • Law enforcement professionals looking to expand
    into computer crime investigations
  • Legal professionals
  • IT and information security professionals being tasked
    with corporate forensics and incident handling
  • Anyone with a desire to learn about computer
    forensics and develop their skills

The knowledge and skills that a learner must have before attending this Computer and Mobile Forensics Training course are:

  • Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI interface, are necessary. A+ certification and/or similar training and experience is not required, but recommended.
  • This is a very in-depth training course and is not intended for individuals who have limited or no computer skills.
Computer and Mobile Forensics Training - OBJECTIVES

Upon completing this Computer and Mobile Forensics Training course, learners will be able to meet these objectives:

  • Provisions of IT law
  • Complex technical forensics concepts
  • How to apply forensics concepts to forensic investigations
  • Evidence-handling procedures and the general rules of evidence
  • Key technologies used in computers and mobile devices
  • Full range of computer forensics tools
  • Acquiring forensic evidence
  • Locating forensic artifacts in various operating systems
  • Analyzing extracted evidence
  • Properly reporting findings
  • Skills needed to track an offender on the internet
  • How to work with law enforcement
  • How to design an incident response strategy
Computer and Mobile Forensics Training - COURSE SYLLABUS
Day 1

Course introduction

  • Computer forensics and investigation as a profession
  • Define computer forensics
  • Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
  • Explain the importance of maintaining professional conduct

Digital evidence — legal issues

  • Identifying digital evidence
  • Evidence admissibility
  • Federal rules of evidence
  • Daubert standard
  • Discovery
  • Warrants
  • What is seizure?
  • Consent issues
  • Expert witness
  • Roles and responsibilities
  • Ethics
  • (ISC)²
  • AAFS
  • ISO


  • Investigative process
  • Chain of custody
  • Incident response
  • E-discovery
  • Criminal vs. civil vs. administrative investigations
  • Intellectual property
    • Markman hearing
  • Reporting
  • Quality control
    • Lab and tool
    • Investigator
    • Examination
    • Standards
  • Evidence management
    • SOPS
    • Collection
    • Documentation
    • Preservation
    • Transport/tracking
    • Storage/access control
    • Disposition
  • Current computer forensics tools and hardware
    • Commercial
    • Free/open source
Day 2

Forensic science fundamentals

  • Principles and methods
    • Locard’s Principle
    • Inman-Rudin Paradigm
    • Scientific method
    • Peer review
  • Forensic analysis process


  • Storage media
    • Hard disk geometry
    • Solid state drives
    • RAIDS
  • Operating system
    • Boot process
    • The Swap File

File systems

  • File systems
    • NTFS file system
    • FAT file system
    • HFS+
    • Ext2/3/4
    • Embedded
  • Erased vs. deleted
  • Live forensics
Day 3

File and operating system forensics

  • Keyword searching
  • Metadata
  • Timeline analysis
  • Hash analysis
  • File signatures
    • File filtering (KFF)
  • Volume Shadow Copies
  • Time zone issues
  • Link files
  • Print spool
  • Deleted files
    • Recycle bin forensics
  • File slack
  • Damaged media
    • Physical damage
    • Logical damage
    • File carving
  • Registry forensics
    • USB devices
    • HKLM
  • Multimedia files
    • EXIF data
  • Compound files
    • Compression
    • Ole
    • AD
    • Passwords

Web and application forensics

  • Common web attack vectors
    • SQL injection
    • Cross-site scripting
    • Cookies
  • Browser artifacts
  • Email investigations
    • Email headers
    • Email files
  • Messaging forensics
  • Database forensics
  • Software forensics
    • Traces and application debris
    • Software analysis (hashes, code comparison techniques, etc.)
  • Malware analysis
    • Malware types and behavior
    • Static vs. dynamic analysis
Day 4

Network forensics

  • TCP/IP
    • IP addressing
    • Proxies
    • Ports and services
  • Types of attacks
  • Wired vs. wireless
  • Network devices forensics
    • Routers
    • Firewalls
    • Examining logs

Packet analysis

  • OS utilities
    • Netstat
    • Net sessions
    • Openfles
  • Network monitoring tools
    • SNORT
    • Wireshark
    • NetworkMiner


  • Hiding
    • Encryption
    • Symmetric
    • Asymmetric
    • TrueCrypt hidden partitions
  • Steganography
  • Packing
  • Hidden devices (NAS)
  • Tunneling/Onion routing
  • Destruction
    • Wiping/overwriting
    • Corruption/degaussing
  • Spoofing
    • Address spoofing
    • Data spoofing
    • Timestomping
  • Log tampering
  • Live operating systems
Day 5

New & emerging technology

  • Legal issues (privacy, obtaining warrants)
  • Social networks forensics
  • Types of social networks
  • Types of evidence
  • Collecting data
  • Virtualization
  • Virtualization forensics
  • Use of virtualization in forensics
  • Cloud forensics
  • Types of cloud services
  • Challenges of cloud forensics
  • Big data
  • Control systems and IOT

Mobile forensics introduction

  • Types of devices
  • GPS
  • Cell phones
  • Tablets
  • Vendor and carrier identification
  • Obtaining information from cellular provider
  • GSM vs. CDMA
  • Common tools and methodology
Day 6

Mobile forensics process

  • Mobile forensics challenges
    • OS variety
    • Differences in hardware and filesystems
    • Security features
    • Data volatility
    • Cloud storage
  • Types of evidence found on mobile devices
  • Collecting mobile devices at the scene
    • Locating devices
    • Preserving volatile data
    • Physical components and accessories (SIM cards, SD cards, chargers, etc.)
    • Older phones and devices
  • Comparison of mobile operating systems
    • Android
    • iOS
    • Windows phone
    • Blackberry OS
  • Data acquisition methods
    • Logical acquisition
    • Physical acquisition
    • Manual acquisition
  • Reporting findings

Android forensics

  • Android platform
    • Hardware
    • SDK and debug bridge
    • File systems and data structures
  • Android security model
    • Secure kernel and permissions
    • Full disk encryption
    • App security
  • Bypassing Android security features
    • Bootloader/recovery mode
    • Rooting an Android device
    • Lock screen bypassing techniques
  • Android logical data acquisition and analysis
    • Extracting the /data directory
    • Device information
    • SMS/MMS, email, browsing and social networking data
    • App and cloud data
  • Android physical data acquisition
    • Hardware-based techniques
    • JTAG
    • Chip-off
    • Android data recovery techniques
Day 7

iOS forensics

  • Apple iOS platform
    • iOS devices and hardware
    • iOS versions, file system and architecture
  • iOS security
    • Passcode and Touch ID
    • Privilege separation
    • ASLR and data execution prevention
    • Encryption
  • Bypassing iOS security features
    • Operating modes of iOS devices
    • Custom RAMDisk
    • Jailbreaking
    • Bypassing passcode
    • Breaking iOS device encryption keys
    • Establishing trusted communication with desktop computer
  • iOS data acquisition and analysis
    • SQLite databases
    • Property lists
    • Other important files (cookies, keyboard cache, recordings, etc.)
  • iPhone/iCloud backups
    • Backup structure
    • Extracting and examining unencrypted backups
    • Encrypted backups (extracting and decrypting the keychain)
  • iOS data recovery techniques

Windows phones

  • Windows Phone OS: partitions and filesystems
  • Windows Phone security features
    • Secure boot
    • Application security and data protection
  • Windows Phone logical acquisition and analysis
    • Sideloading
    • Extracting SMS, email and application data
  • Windows 10 mobile OS forensics

Feature phones forensics

  • Acquiring and examining data from feature phones
Computer and Mobile Forensics Training Course Wrap-Up

Whether you are looking for general information or have a specific question, we want to help.
Request More Information

    Time frame: