Oxygen Software: Advanced techniques in Forensic Examination of Smartphones and Cell Phones with Oxygen Forensic Suite 2010

This two-day training is suitable for novices as well as professional mobile phone examiners and forensic analysts. We will tell you about the main approaches used in mobile forensics, their advantages and disadvantages. We will teach you how to use Oxygen Forensic Suite to extract more forensically important information from iPhone, Android, Symbian OS and Windows Mobile devices than usually can be extracted by other logical forensic tools.
Besides all the features of Oxygen Forensic Suite students will learn:

• What interesting databases and files can be read from iPhone, Symbian OS and Windows Mobile devices.
• How to decrypt those databases for further investigation.
• How to get access to iPhones protected with a backup password.
• How to read deleted contacts, calls, messages and other records.
• How to identify geographical coordinates of sent/received SMS messages, camera snapshots, video clips and wi-fi sessions.
• How to access Windows Mobile pim.vol file.
• How to bypass ActiveSync when reading data from Windows Mobile devices.
• How to bypass restricted security policy settings in Windows Mobile smartphones.
• How to get access to the custom message folders and sub-folders in Symbian OS and Windows Mobile devices.

The devices covered by the training are:

• Android smartphones (e.g. T-Mobile G1)
• iPhone 2G, 3G, 3GS;
• Symbian OS smartphones (e.g. Nokia N95, Nokia N73);
• Windows Mobile 5/6 smartphones;
• Cell phones (Nokia, Sony Ericsson, Samsung, Motorola).

Important note: Students must have own laptop with Windows XP SP3 (32-bit), Windows Vista SP2 (32-bit) or Windows 7 (32-bit).

This two-day training will include 2 trainings: Standard Level (1st day) and Advanced Level (2nd day). Each student will receive an appropriate Certificate for Standard or Advanced Level (or both ones).

First day's program contains the following topics:

• Theory about mobile forensics, devices variety, market trends, data stored in modern devices, data extraction methods
• Agent application usage: applicability, advantages, concerns
• The best practices for different device types
• Oxygen Forensic Suite 2010 installation
• Drivers and connection questions
• Agents for different platforms: usage pecularities
• Oxygen Connection Wizard and Data Extraction Wizard usage
• Program interface
• Basic features of each program section
• Full data extraction and analysis example with Nokia S40 and S60 devices
• Use case based on the extracted data
• "Search for text" and "Search for contacts" functions
• Exporting and printing reports
• License policy
• Upgrades and renewals

Second day's program contains the following topics:

• LifeBlog and other advanced features of Symbian OS smartphones (deleted SMS messages, contact field labels, SMSC timestamp etc)
• GPS and Cell coordinates extraction from EXIF/XMP headers of camera snapshots
• How to determine where the snapshot was made and where or where it was uploaded into the device
• Extras: Web cache analyser
• Extras: Phone Activity - list of all phone events with rich grouping and sorting capabilities
• iPhone: data extraction methods, specifics of different firmware and iTunes versions, virgin and jailbroken devices and their data
• iPhone: full data reading and analysis
• iPhone: what additional information is stored in this device, how it can be used for forensic purposes
• iPhone: getting information from password-protected devices and backup files
• iPhone: loading backup image without having the device connected
• Extras: Forensically important files
• Android: variety of the devices, data extraction methods, specifics of different OS versions
• Android: requirements for successfull data extraction
• Android: what the additional information is stored in this device, how it can be used for forensic purposes
• Windows Mobile: connecting with or without ActiveSync, cable and Bluetooth connection
• Windows Mobile: handling the locked device
• Windows Mobile: what the additional information can be read by Oxygen Forensic Suite (message subfolders, attached files, e-mail headers etc)
• Windows Mobile: extracting and analysing deleted contacts and call records in PIM.VOL

People can register for:

• 1st day only: $499 training only, $1099 training with PRO license
• 2 days: $999 training only, $1499 training with PRO license
• 2nd day only: $599 training only, $1199 training with PRO license

We offer 20% early bird discount until 31 March 2010.

To register choose the option that does best for you.

• Submit your order online:
  • Sign up for both days
  • Sign up for both days with PRO license
  • Sign up for the 1st day
  • Sign up for the 1st day with PRO license
  • Sign up for the 2nd day
  • Sign up for the 2nd day with PRO license
  
  
• Send Purchase Order

Course date:
May 4-5, 2010

Time:
9 am - 5 pm

Location:
Chicago Police Academy
1300 W Jackson Blvd
Chicago, IL 60607
Google maps of the training location