Mobile Device Forensics

The IACIS Mobile Device Forensics Training Program is a 36-hour course of instruction, offered over five (5) consecutive days. The program is designed to provide students with intermediate to advanced skills to analyze and interpret data during cell phone investigations.  This course goes behind the popular tools currently in use to reveal the sources of cell phone data used to store evidence.  At the completion of the course students will be confident in knowing they can gather and explain all data they have located during their examinations.  Students should have some experience in conducting cell phone examinations.


This class now supports both iOS 10+ and Android 7.0+

Topics include:Acquiring file system and physical images from phones, to include handling and procedures for locked devices – Students will learn how to acquire cell phone data, and the different types of techniques to obtain the most relevant data.  Students will become familiar with accessing locked iOS and Android devices, using a variety of techniques including:  bypassing software, flasher boxes, and an introduction to JTAG, ISP, and Chip Off.  Students will learn and practice bypassing current Android OS limitations, allowing a physical image from a phone running Kit Kat and higher.  There are multiple hands on practicals which include using custom recovery and rooting Android phones to bypass the locks.  These methods allow for a full physical extraction of the devices; which commercial tools can not gain access to due to operating system restrictions.There is some usage of both Windows command line and Linux to conduct the practicals.  All the commands and options are explained in detail, no previous command line experience needed!!Details on Android and iOS file systems, their structures, and formats – Students will learn through hands on how the file systems are laid out in both iOS and Android, allowing them to find the data they are looking for quickly and be able to interpret it.  This knowledge will carry over to new releases of the operating systems; ensuring students can continue to stay current.

Validating data obtained from forensic tools, including data that tools miss – learn to interpret and recognize data from apps phones use.  Students will be able to take any application found on a phone, and be able to recognize, interpret and report on its data.  Examples of apps are KiK, Photovault, Snapchat, and the other 125,000 chat applications available.  Students will learn and conduct both manual and automated SQLite recovery methods, ensuring success in their future exams using various tools.

NAND Ram Architecture and storage, carving data from those spaces – learn how cell phones store their data at the physical level, which allows the carving of “deleted” data and recovery of data from damaged phones, or phones which have been JTAG’d or a chip off conducted on.

Other topics include:

Obtaining and processing iOS backup files, both manually and using automated  tools.

Using WiFi data as part of investigations. 

PREREQUISITE: Membership Required. Basic Computer Forensic Examiner [BCFE] course AND completion of the Certified Forensic Computer Examiner [CFCE] certification are highly recommended but not required.

WHEN: May 2017

     MDF – Week 1: May 1-5, 2017  SOLD OUT (Limited to 20 Students)

     MDF – Week 2: May 8-12, 2017 SOLD OUT (Limited to 20 Students) 


Existing IACIS members simply log in with your credentials and go to the products page to purchase and register for the course.

For non-IACIS members, the membership fee is waived with the purchase of the training course; however to register for the course you must complete a membership application at the time of purchase.

Apply for membership and purchase the course on the PRODUCTS PAGE.

COST: $1,495 US Dollars

  • Cancellation of this class may occur if there are insufficient students registered. In the event of a cancellation, personnel will typically be notified by e-mail within 48 hours of the registration closure date. IACIS is not responsible for any individual expenses incurred as a result of a cancellation. The limit of IACIS financial liability is a full refund of the course fee.

****Payment MUST BE RECEIVED at least 30 days prior to the first day of class. Any payment arrangements other than payment through the website or payment via invoice must be approved by the IACIS Treasurer prior to admittance into the course. Please contact the treasurer for questions and approval (

Cancellations within 45 days from the start of class to 30 days from the start of class will be subject to a $150 cancellation fee. There will be no refunds within 30 days from the start of class.****

LOCATION: This course is taught at the Orlando Marriott in Lake Mary, Florida (USA). See the link “Book your group rate” at bottom of page.

COURSE SYLLABUS: Mobile Device Forensics Syllabus
COURSE NOTES: Please read the followng notes regarding this class:

  1. Classes begin at 8:00 AM ET and conclude at 5:00 PM ET, each day, with a one hour lunch break. Classes will end at 5:00 PM ET on the last day of class. Please do not arrange for departing flights prior to 7:00 PM ET to allow time for travel to the airport and any security clearances.
  2. The dress code for the conference is business casual (collared shirts and slacks). The wearing of shorts, flip flops, tank tops, etc. is not allowed in the classroom. Personal computers are not permitted in the classroom. Students are required to attend all classes to successfully complete the program. Students who fail to meet the attendance requirements will not be issued a certificate at the conclusion of the program.

You will find the information for your online reservation link below. If you have questions or need help with the link, please do not hesitate to ask. We appreciate your business and look forward to a successful event.
Start date: 4/28/17
End date: 5/13/17
Last day to book: 4/7/17
Marriott hotel(s) offering your special group rate:
> Orlando Marriott Lake Mary  for 91 USD  per night: Special rate sold out
Book your group rate for IACIS

Overflow nearby hotels

$91 Traditional Rooms Reservation Link:

$121 Executive Club Access Rooms Reservation Link:

IACIS / International Association of Computer Investigative Specialists
Start date: 4/28/17
End date: 5/14/17
Last day to book: 4/7/17
Marriott hotel(s) offering your special group rate:
Courtyard Orlando Lake Mary/North for 91.00 USD per night
Book your group rate for IACIS / International Association of Computer Investigative Specialists

Group Name: IACIS
Group Code: IAC
Check-in: 29-APR-2017
Check-out: 13-MAY-2017
Hotel Name: Homewood Suites by Hilton Lake Mary
Hotel Address: 755 Currency Circle
Lake Mary, Florida
Phone Number: 407-805-9111

Reserve Homewood Suites for IACIS rooms here