Oxygen Forensics

February 14 - 16, 2017 - Buckinghamshire, UK - Oxygen Forensic® Complete

Basic Information
Course: Oxygen Forensic® Complete (3 Day Course)
Instructor's name: TBD
Date: February 14 - 16, 2017
Location: E2 Regent Park, Summerleys Road, Princes Risborough, Bucks, HP27 9LE, UK
Cost: Request quote

Course Description

Students will obtain a start to finish education on the use of Oxygen Forensic® Detective.  The course adds to the Basic and Expert course by introducing advanced methods of Smart Device collections and data analysis. Students will examine collect and analyze data from iOS, Android, and Windows Phone smart devices.  Students will work to obtain physical images, understand file system formats, storage methods and evidence locations. Students receive training and instruction on Cloud Storage and extraction techniques using Oxygen Forensic® Detective.  SQLite database data is extremely important to today’s smart device examinations.  Not only will students receive training on the SQLite database format and creating SQL queries, but Property Lists, recovering deleted data, write-ahead-logs, shared-memory-files and interpreting database artifacts using the SQLite Viewer and secondary tools are covered. 

Course Objectives

  • Gain extensive knowledge on today’s smart devices including iOS, Android and Windows Phone.
  • Understand file system formats and data types found within major smart device operating systems.
  • Provide information to students to assist in locating, processing and recovering artifacts from the smart device file system.
  • Gain required knowledge to create advanced SQL queries to recover data from unsupported app and cache files within the smart device file system.
  • Students will gain valuable knowledge during the training that will assist in passing a certification examination

Required Student Resources

Students will receive a manual during class that will contain the class content and worksheets. Some class locations will require the student to supply their own laptop for the training.  

Course Outline Day 1

Topic

Covering

History and Quick Introduction

 

CDMA/GSM

Legality

Isolation Techniques

Device Security

Different ways to connect to a mobile device

Cable
Bluetooth
JTAG

Troubleshooting

Drivers
Connections
ADB

Passwords

iOS
Android

Blackberry

Logical/Physical collections of Smart Devices

Differences
Data Representation of both

Collecting Mobile Device Data

Smart Device Collection
Basic data analysis

Backup and Import of Mobile Device Images

iTunes
Android
JTAG
Other Forensic Solutions

Basic Reporting

Create basic report of Smart Device Collection

 

Course Outline Day 2

Topic

Covering

Multi-device collections

 

iOS

Android

Cases

Creating Cases, Removing Cases, Archiving Cases

Live device

Imported Images

App Data

Analysis of valuable data

Key Evidence

Bookmarking

Aggregated Data and Groups

Contacts
Merge/Un-Merge

Analytics

Social Analysis
Link Analysis
Timelines

Searching

Text
Regular Expressions

Numbers

Advanced Reporting

HTML
PDF

Associated Images
Key Evidence

 

Course Outline Day 3

Topic

Covering

Obtaining File System Data

 

iOS

Android

Windows Phone

Types of File Systems

iOS

Android

Windows Phone

Recovering Artifacts from the smart device

Evidence areas

File Types

Recovery Methods

Cloud Extractions

Using Cloud Extractor

Property List

Data Storage

Types of Data

PLIST Breakdown

SQLite Databases

 

                          

Data Storage

Types of Data

SQLite Breakdown

FreePages

SQL Queries
     Creating/Running

 

Evaluation Procedures and Grading Criteria

Students are evaluated on class participation and the final project.  Passing of class will earn Attendance Certificate and access to online certification examination.

Attendance Statement

Students cannot miss more than 1 hour of class to receive a certificate of attendance. Students completing the course will be eligible to take the Oxygen Forensic® User Certification exam free of charge within 30 days of completing the course.

Pricing 

Request quote