MDF: Mobile Device Forensics

The IACIS Mobile Device Forensics Training Program is a 36-hour course of instruction, offered over five (5) consecutive days. This program will expand the students existing mobile forensic knowledge and skillset. It is designed to provide students with intermediate to advanced skills needed to detect, decode, decrypt, and analyze evidence recovered from mobile devices during mobile device investigations. Using instructor-led exercises and hands-on practical’s students will learn the necessary skills to go behind the automation processes of popular mobile forensic tools and will have gained the competency to apply these skills during an investigation to reveal the sources of cell phone data used to store evidence. Upon the completion of the course students will be confident in knowing they can gather and explain the data they have located during a mobile device examination.

Although the program will provide some of the skills and materials needed to prepare for their ICMDE certification, this specific training program is NOT designed as a class specific to the certification. Students who have the desire to take the ICMDE will need to complete additional reading and study of the provided materials, as well as the recommended study material, to obtain a deeper understanding needed for preparing to take the ICMDE.

Topics include but are not limited to:

  • Acquiring file system and physical images from phones, to include handling and procedures for locked devices
  • Students will learn how to acquire cell phone data, and the different types of techniques to obtain the most relevant data.
  • There is some usage of command line to conduct the practical’s. The commands are explained in detail; however, some students may find previous command line experience helpful.
  • Students will learn through hands-on exercises how the file systems are laid out in both iOS and Android, allowing them to find the data they are looking for quickly and be able to interpret it. This knowledge will carry over to new releases of the operating systems ensuring students can continue to stay current.
  • Validating data obtained from forensic tools, including data that tools miss.
  • Students will learn advanced third-party application analysis to interpret, recognize and decode artifacts stored by these applications.
  • Flash Memory, NAND Ram Architecture and learn how cell phones store their data at the physical level.
  • Obtaining and processing iOS backup files, including manual decoding, parsing and cracking of encrypted backup file images.
  • Viewing and interpreting iOS files such as plists to obtain valuable evidence.
  • Students will learn to use ADB and manually extract data from an Android device for those times when a commercial tool is unable to.
  • Students will learn about using python scripts and how to use them to enhance the data they can obtain during their examinations including manual application use of the queries.
  • Understand how SQLite databases function and how the data is stored, including how to use simple queries to manually parse the data.

CERTIFICATION: Attendance at MDF entitles each member to one attempt at the ICMDE Certification process.  Further details as to the timeline for certification will be provided upon completion of MDF and upon beginning the ICMDE.

WHEN:  April 24-28, 2023 (Week 1 ) or May 01-05, 2023 (Week 2)

COST: $2,495.00 US Dollars

EQUIPMENT:
Classroom laptops will be given to the students to take home and keep.

2023 REGISTRATION: 

Existing IACIS members: Log in with your credentials and go to the Products page to purchase and register for the course.

Non-IACIS members: Membership fee is waived with the purchase of the training course; however, to register for the course you must complete a membership application at the time of purchase. Purchase training course HERE.

****Payment MUST BE RECEIVED at least 45 days prior to the first day of class. Any payment arrangements other than payment through the website or payment via invoice must be approved by the IACIS Treasurer prior to admittance into the course. Please contact the treasurer for questions and approval (treasurer@iacis.com)

Cancellations within 45 days from the start of class to 31 days from the start of class will be subject to a $150 cancellation fee. There will be no refunds within 30 days from the start of class.****

* On-Site Check-in Times (student pickup of equipment, ID card, IACIS info) are:

Week 1:  Sunday, April 23, 2023: 1800 – 2100

    Monday, April 24, 2023: 0700 – 0800

 

Week 2:  Sunday, April 30, 2023: 1800 – 2100

    Monday, May 01, 2023: 0700 – 0800

* Please make arrangements to arrive in time to check-in so that you may be in class promptly the first day.

COURSE NOTES:

Please read the following notes regarding this class:

  1. Classes begin at 8:00 AM ET and conclude at 5:00 PM ET, each day, with a one-hour lunch break. Classes will end at 4:00 PM ET on the last day of class. Please do not arrange for departing flights prior to 7:00 PM ET to allow time for travel to the airport and any security clearances.
  2. The dress code for the conference is business casual (collared shirts and slacks). The wearing of shorts, flip flops, tank tops, etc. is not allowed in the classroom. Personal computers are not permitted in the classroom. Students are required to attend all classes to successfully complete the program. Students who fail to meet the attendance requirements will not be issued a certificate at the conclusion of the program.

HOTEL BOOKING: 

The course will be taught at the Caribe Royale Hotel, 8101 World Center Drive, Orlando, Florida 32821 (USA).  This hotel is 16 miles from the Orlando International Airport, it has a large pool, spacious workout facility and is close to Disney World and Universal Studios.

URGENT NOTICE 

Due to an unprecedented situation with Caribe Royale, the hotel is completely booked for week one of the 2023 IACIS Training event.   

IACIS is currently working with Orlando Marriott to determine if we can use it as overflow, but at the time of this writing we have no information on what they have available or if they will honor GSA rates. We will update this site as new information become available.
 

​​NAME​   ​​PHONE​  
Embassy Suites by Hilton Orlando Lake Buena Vista South   1(407)597-4000  
​​Orlando Marriott World Center​    1(407)239-4200  
Gaylord Palms Resort & Convention Center   1(407)586-0000  
​​Walt Disney World Swan​    1(407)934-3000  
Walt Disney World Dolphin Resort   1(407)934-4000  

Also, if you are government employee you may be able to use FedRooms.com to find GSA rate lodging in the area.   

Please note: Availability at the Caribe Royale may change as time gets closer to the event so it is recommended that you check with the Caribe Royale often by using booking via this Caribe Royale Hotel link here. As a reminder, if you are not a Caribe Royale Hotel guest and require daily parking on hotel property during the event you will be responsible for all associated parking fees. 

Or book via phone by calling the following numbers: 

Reservations Toll Free: 1-800-823-8300/1-888-258-7501 or our local number 407-238-8000. 

CANCELLATION INFO:

If IACIS is unable to hold their 2023 Orlando training event, then all students who have registered and paid, will have the option of a full refund or a reserved seat at the 2024 training event.  IACIS is not responsible for any outside expenses (e.g. travel and accommodation) in the event of the training event being cancelled.  Anyone who paid for training will receive complimentary membership through the year that his/her training takes place.