Students will obtain a start to finish education on the use of Oxygen Forensic® Detective. The course adds to the Basic and Expert course by introducing advanced methods of Smart Device collections and data analysis. Students will examine collect and analyze data from iOS, Android, and Windows Phone smart devices. Students will work to obtain physical images, understand file system formats, storage methods and evidence locations. Students receive training and instruction on Cloud Storage and extraction techniques using Oxygen Forensic® Detective. SQLite database data is extremely important to today’s smart device examinations. Not only will students receive training on the SQLite database format and creating SQL queries, but Property Lists, recovering deleted data, write-ahead-logs, shared-memory-files and interpreting database artifacts using the SQLite Viewer and secondary tools are covered.
Students will receive a manual during class that will contain the class content and worksheets. Some class locations will require the student to supply their own laptop for the training.
|History and Quick Introduction||CDMA/GSM
|Different ways to connect to a mobile device||Cable
|Logical/Physical collections of Smart Devices||Differences
Data Representation of both
|Collecting Mobile Device Data||Smart Device Collection
Basic data analysis
|Backup and Import of Mobile Device Images||iTunes
Other Forensic Solutions
|Basic Reporting||Create basic report of Smart Device Collection|
|Cases||Creating Cases, Removing Cases, Archiving Cases
|App Data||Analysis of valuable data|
|Aggregated Data and Groups||Contacts
|Obtaining File System Data||iOS
|Types of File Systems||iOS
|Recovering Artifacts from the smart device||Evidence areas
|Cloud Extractions||Using Cloud Extractor|
|Property List||Data Storage
Types of Data
|SQLite Databases||Data Storage
Types of Data
Students are evaluated on class participation and the final project. Passing of class will earn Attendance Certificate and access to online certification examination.
Students cannot miss more than 1 hour of class to receive a certificate of attendance. Students completing the course will be eligible to take the Oxygen Forensic® User Certification exam free of charge within 30 days of completing the course.
We prefer students bring their own laptops whenever possible. If this is not possible, Teel Tech Canada will provide one for you. If you are unable to bring your own laptop, please indicate so on the registration page.
For students bringing a laptop to class, please ensure they meet the following minimum requirements: