Oxygen Forensic Expert Certification
Students will obtain a start to finish education on the use of Oxygen Forensic® Detective. The course adds to the Basic and Expert course by introducing advanced methods of Smart Device collections and data analysis. Students will examine collect and analyze data from iOS, Android, and Windows Phone smart devices. Students will work to obtain physical images, understand file system formats, storage methods and evidence locations. Students receive training and instruction on Cloud Storage and extraction techniques using Oxygen Forensic® Detective. SQLite database data is extremely important to today’s smart device examinations. Not only will students receive training on the SQLite database format and creating SQL queries, but Property Lists, recovering deleted data, write-ahead-logs, shared-memory-files and interpreting database artifacts using the SQLite Viewer and secondary tools are covered.
Students will:
- Gain extensive knowledge on today’s smart devices including iOS, Android and Windows Phone.
- Understand file system formats and data types found within major smart device operating systems.
- Provide information to students to assist in locating, processing and recovering artifacts from the smart device file system.
- Gain required knowledge to create advanced SQL queries to recover data from unsupported app and cache files within the smart device file system.
- Students will gain valuable knowledge during the training that will assist in passing a certification examination
Required Student Resources:
Students will receive a manual during class that will contain the class content and worksheets. Some class locations will require the student to supply their own laptop for the training.
Course Details
- Course Code: AT-OXY
- Duration: 3 Days
- Laptop Required?: Yes
- This class is open to all forensic professionals.
The instructor explained and walked us through the processes in a very understandable way. He took us through the powerpoints and the labs and insured we had a good working knowledge of the material.
What Will I Learn?
| Topic | Covering |
| History and Quick Introduction | CDMA/GSM Legality Isolation Techniques Device Security |
| Different ways to connect to a mobile device | Cable Bluetooth JTAG |
| Troubleshooting | Drivers Connections ADB |
| Passwords | iOS AndroidBlackberry |
| Logical/Physical collections of Smart Devices | Differences Data Representation of both |
| Collecting Mobile Device Data | Smart Device Collection Basic data analysis |
| Backup and Import of Mobile Device Images | iTunes Android JTAG Other Forensic Solutions |
| Basic Reporting | Create basic report of Smart Device Collection |
| Topic | Covering |
| Multi-device collections | iOS Android |
| Cases | Creating Cases, Removing Cases, Archiving Cases Live device Imported Images |
| App Data | Analysis of valuable data |
| Key Evidence | Bookmarking |
| Aggregated Data and Groups | Contacts Merge/Un-Merge |
| Analytics | Social Analysis Link Analysis Timelines |
| Searching | Text Regular ExpressionsNumbers |
| Advanced Reporting | HTML PDFAssociated Images Key Evidence |
| Topic | Covering |
| Obtaining File System Data | iOS Android Windows Phone |
| Types of File Systems | iOS Android Windows Phone |
| Recovering Artifacts from the smart device | Evidence areas File Types Recovery Methods |
| Cloud Extractions | Using Cloud Extractor |
| Property List | Data Storage Types of Data PLIST Breakdown |
| SQLite Databases | Data Storage Types of Data SQLite Breakdown FreePages SQL Queries Creating/Running |
Evaluation Procedures & Grading Criteria
Students are evaluated on class participation and the final project. Passing of class will earn Attendance Certificate and access to online certification examination.
Students cannot miss more than 1 hour of class to receive a certificate of attendance. Students completing the course will be eligible to take the Oxygen Forensic® User Certification exam free of charge within 30 days of completing the course.
Laptop Requirements
We prefer students bring their own laptops whenever possible. If this is not possible, Teel Tech Canada will provide one for you. If you are unable to bring your own laptop, please indicate so on the registration page.
For students bringing a laptop to class, please ensure they meet the following minimum requirements:
- Windows 7
- Windows 8.x and 10.x using these instructions (turn off driver sig enforcement)
- macOS with Bootcamp Windows 7
- macOS with Bootcamp Windows 8.x and Win 10.x using these instructions
- macOS alone will not work (No Virtual Machines)
- 8GB RAM (minimum)
- 100GB storage (minimum)
- You must have Admin rights or have the admin password for software installation.
- NOTE: ALL Windows updates should be done prior to class.