Oxygen Software: Advanced techniques in Forensic Examination of Smartphones and Cell Phones with Oxygen Forensic Suite 2010
Trainers
Pascal Kurschildgen
Authorized reseller and training provider
Jens Bohl
Authorized reseller and training provider
This two-day training is suitable for novices as well as professional mobile phone examiners and
forensic analysts. We will explain the main approaches used in mobile forensics, with
their advantages and disadvantages. We will teach you how to use all the advanced features of
Oxygen Forensic Suite software to extract as much information as possible from a mobile device using plain
cables and Bluetooth adapters. You will learn what hidden forensic data can be extracted from
smartphones and how to identify the geographical coordinates of phone events (sent/received SMS messages,
camera snapshots etc.).
The devices covered by the training are:
- Android smartphones (e.g. T-Mobile G1);
- iPhone 2G, 3G, 3GS;
- Symbian OS smartphones (e.g. Nokia N95, Nokia N73);
- Windows Mobile 5/6 smartphones;
- Cell phones (Nokia, Sony Ericsson, Samsung, Motorola).
This two-day training consists of 2 trainings: Standard Level (1st day) and Advanced Level (2nd day). Each student will receive an appropriate Certificate for Standard and Advanced Level.
The first day's program contains the following topics:
- Theory about mobile forensics, device variety, market trends, data stored in modern devices, data extraction methods
- Agent application usage: applicability, advantages, concerns
- The best practices for different device types
- Oxygen Forensic Suite 2010 installation
- Drivers and connection questions
- Agents for different platforms: usage peculiarities
- Oxygen Connection Wizard and Data Extraction Wizard usage
- Program interface
- Basic features of each program section
- Full data extraction and analysis example with Nokia S40 and S60 devices
- Use case based on the extracted data
- "Search for text" and "Search for contacts" functions
- Exporting and printing reports
- License policy
- Upgrades and renewals
The second day's program contains the following topics:
- LifeBlog and other advanced features of Symbian OS smartphones (deleted SMS messages, contact field labels, SMSC timestamp etc.)
- GPS and Cell coordinates extraction from EXIF/XMP headers of camera snapshots
- How to determine where the snapshot was made and where it was uploaded into the device
- Extras: Web cache analyser
- Extras: Phone Activity - list of all phone events with rich grouping and sorting capabilities
- iPhone: data extraction methods, specifics of different firmware and iTunes versions, virgin and jailbroken devices and their data
- iPhone: full data reading and analysis
- iPhone: what additional information is stored in this device, how it can be used for forensic purposes
- iPhone: getting information from password-protected devices and backup files
- iPhone: loading backup image without having the device connected
- Extras: Forensically important files
- Android: variety of the devices, data extraction methods, specifics of different OS versions
- Android: requirements for successful data extraction
- Android: what additional information is stored in this device, how it can be used for forensic purposes
- Windows Mobile: connecting with or without ActiveSync, cable and Bluetooth connection
- Windows Mobile: handling the locked device
- Windows Mobile: what additional information can be read by Oxygen Forensic Suite (message subfolders, attached files, e-mail headers etc.)
- Windows Mobile: extracting and analysing deleted contacts and call records in PIM.VOL