Despite their small scale, mobile devices employ a large amount of sophisticated technology that Digital Forensic Investigators must be familiar with. On the first day of the course we delve into the underlying technology of mobile devices and wireless networks, emphasizing how the data they contain can be used as evidence. We will cover the core forensic methodology as it relates to mobile devices when conducting a manual triage inspection, logical forensic examination, and in-depth forensic analysis of physical memory. We give you the knowledge and tools to interpret and utilize various identifiers and numbers associated with mobile devices, including MEID, IMEI, ICC-ID, and IMSI. We review the properties of Flash memory in mobile devices and demonstrate the pros and cons from a forensic perspective. We also provide approaches for dealing with common challenges such as missing SIM cards, passwords, and unsupported devices.

Hands-on exercises on the first day include proper evidence handling procedures for mobile devices. In addition to learning how to deal with common challenges in the field, you will learn how to perform a manual examination of a mobile device. Following a methodical process and using specially designed worksheets you will learn how to process of mobile devices from a forensic perspective and obtain information that forensic tools may not provide.