Significant amounts of potentially probative information are stored logically on mobile devices, including text messages, e-mails, call logs, calendar items, photos and videos. The third day of the course focuses on forensic acquisition and examination of logical data from mobile devices. No one tool can accomplish everything, and you need to be able to select the right tool for the job at hand.

This day begins with a hands-on evaluation of several toolkits for acquiring logical data from mobile devices to assess their strengths and weaknesses from a forensic perspective. We look at what goes on behind the scenes of various forensic acquisition tools for mobile devices to provide a better understanding of how they work. We also teach approaches to dealing with common challenges that arise in the field, and demonstrate approaches to bolstering weaknesses in a tool with solid forensic processes.

As day 3 progresses, we dig progressively deeper into digital evidence on mobile devices, analyzing call logs, SMS/MMS, photos, and associated metadata. In addition, we demonstrate how to utilize e-mail, Web browsing, and other Internet activities on mobile devices in an investigation. Practical, hands-on case scenarios give you an opportunity to work with multiple forensic examination tools and verify the completeness and accuracy of their results.