ONLINE MDF: Mobile Device Forensics


The IACIS Online Mobile Device Forensics Training Program is a 36-hour course of instruction being offered online. Starting October 1, students who have registered and paid will gain access to the online course videos and have until December 31st to complete the course. Upon completion, students have the opportunity to take the online Mobile Device Certification exam at no additional charge.

The program is designed to provide students with intermediate to advanced skills to analyze and interpret data during cell phone investigations.  This course goes behind the popular tools currently in use to reveal the sources of cell phone data used to store evidence.  At the completion of the course students will be confident in knowing they can gather and explain all data they have located during their examinations.  Students should have some experience in conducting cell phone examinations.

** UPDATE** This class now supports both iOS 11+ and Android 7.0+

Topics include but are not limited to:

  • Acquiring file system and physical images from phones, to include handling and procedures for locked devices.
  • Students will learn how to acquire cell phone data and the different types of techniques to obtain the most relevant data.
  • Students will become familiar with accessing locked iOS and Android devices, using a variety of techniques including: bypassing software, flasher boxes, and an introduction to JTAG, ISP, and Chip Off.
  • Students will learn and practice bypassing current Android OS limitations, allowing a physical image from a phone running KitKat and higher.
  • There are multiple hands-on practicals which include using custom recovery and rooting Android phones to bypass the locks. These methods allow for a full physical extraction of the devices; which commercial tools cannot gain access to due to operating system restrictions. There is some usage of both Windows command line and Linux to conduct the practicals.  All the commands and options are explained in detail, no previous command line experience needed!!
  • Students will learn through hands-on practicals how the file systems are laid out in both iOS and Android, allowing them to find the data they are looking for quickly and be able to interpret it. This knowledge will carry over to new releases of the operating systems; ensuring students can continue to stay current.
  • Validating data obtained from forensic tools, including data that tools miss – learn to interpret and recognize data from apps that phones use.
  • Students will be able to take any application found on a phone, and be able to recognize, interpret and report on its data. Examples of apps are KiK, Photovault, Snapchat, and the other 125,000 chat applications available.
  • Students will learn and conduct both manual and automated SQLite recovery methods, ensuring success in their future exams using various tools.
  • NAND Ram Architecture and storage, carving data from those spaces – learn how cell phones store their data at the physical level, which allows the carving of “deleted” data and recovery of data from damaged phones, or phones which have been JTAG’d or a chip off conducted on.
  • Obtaining and processing iOS backup files, both manually and using automated
  • Using Wi-Fi data as part of investigations.

PREREQUISITE: Basic Computer Forensic Examiner [BCFE] course AND completion of the Certified Forensic Computer Examiner [CFCE] certification are highly recommended, but not required.

CERTIFICATION: Completion of the online MDF course entitles each member to one attempt at the ICMDE Certification process.  The attempt must be completed within the time frame of your online cycle.  Each online class cycle is three months, a fourth month is allowed for testing.


ONLINE: NEXT COURSE 10/1/19 (Registration opens 7/1/19)

Students who have registered and paid will be given access to the online course effective April 1st, 2019. Access will be terminated on June 30, 2019.


Existing IACIS members simply log in with your credentials and go to the products page to purchase and register for the ONLINE course.

For non-IACIS members, the membership fee is waived with the purchase of the training course; however, to register for the course you must complete a membership application at the time of purchase.

Apply for membership and purchase the ONLINE course on the PRODUCTS PAGE.

COST: $995 US Dollars

**Cancellation/dropping of the course after April 1st will result in the student forfeiting the course registration costs.

REMINDER: Students who have registered and paid will be contacted with course information and website access by April 1st.

Software needed by students for the class:

TWRP 3.0

ODIN 3.10.7


Netcat-win 32-1.12

Hashcat 4.0.1

Strawberry Perl

Plist Editor Pro

Elmcomsoft Phone Breaker

Python – 2.7.9 or 2.7.11 or 3.5.1

SIM card data

Zimmerman Hasher

Time Lord

SQLite Studio


SQ Lite Browser

Sanderson SQLite Studio,Binary Plist Decoder, Date Decoder

Minimal ADB fastboot DB Browser3.10.1

Plist Explorer