Oxygen Forensic Expert Certification
Students will obtain a start to finish education on the use of Oxygen Forensic® Detective. The course adds to the Basic and Expert course by introducing advanced methods of Smart Device collections and data analysis. Students will examine collect and analyze data from iOS, Android, and Windows Phone smart devices. Students will work to obtain physical images, understand file system formats, storage methods and evidence locations. Students receive training and instruction on Cloud Storage and extraction techniques using Oxygen Forensic® Detective. SQLite database data is extremely important to today’s smart device examinations. Not only will students receive training on the SQLite database format and creating SQL queries, but Property Lists, recovering deleted data, write-ahead-logs, shared-memory-files and interpreting database artifacts using the SQLite Viewer and secondary tools are covered.
- Gain extensive knowledge on today’s smart devices including iOS, Android and Windows Phone.
- Understand file system formats and data types found within major smart device operating systems.
- Provide information to students to assist in locating, processing and recovering artifacts from the smart device file system.
- Gain required knowledge to create advanced SQL queries to recover data from unsupported app and cache files within the smart device file system.
- Students will gain valuable knowledge during the training that will assist in passing a certification examination
Required Student Resources:
Students will receive a manual during class that will contain the class content and worksheets. Some class locations will require the student to supply their own laptop for the training.
- Course Code: AT-OXY
- Duration: 3 Days
- Laptop Required?: Yes
- This class is open to all forensic professionals.
The instructor explained and walked us through the processes in a very understandable way. He took us through the powerpoints and the labs and insured we had a good working knowledge of the material.
What Will I Learn?
|History and Quick Introduction||CDMA/GSM
|Different ways to connect to a mobile device||Cable
|Logical/Physical collections of Smart Devices||Differences
Data Representation of both
|Collecting Mobile Device Data||Smart Device Collection
Basic data analysis
|Backup and Import of Mobile Device Images||iTunes
Other Forensic Solutions
|Basic Reporting||Create basic report of Smart Device Collection|
|Cases||Creating Cases, Removing Cases, Archiving Cases
|App Data||Analysis of valuable data|
|Aggregated Data and Groups||Contacts
|Obtaining File System Data||iOS
|Types of File Systems||iOS
|Recovering Artifacts from the smart device||Evidence areas
|Cloud Extractions||Using Cloud Extractor|
|Property List||Data Storage
Types of Data
|SQLite Databases||Data Storage
Types of Data
Evaluation Procedures & Grading Criteria
Students are evaluated on class participation and the final project. Passing of class will earn Attendance Certificate and access to online certification examination.
Students cannot miss more than 1 hour of class to receive a certificate of attendance. Students completing the course will be eligible to take the Oxygen Forensic® User Certification exam free of charge within 30 days of completing the course.
We prefer students bring their own laptops whenever possible. If this is not possible, Teel Tech Canada will provide one for you. If you are unable to bring your own laptop, please indicate so on the registration page.
For students bringing a laptop to class, please ensure they meet the following minimum requirements:
- Windows 7
- Windows 8.x and 10.x using these instructions (turn off driver sig enforcement)
- macOS with Bootcamp Windows 7
- macOS with Bootcamp Windows 8.x and Win 10.x using these instructions
- macOS alone will not work (No Virtual Machines)
- 8GB RAM (minimum)
- 100GB storage (minimum)
- You must have Admin rights or have the admin password for software installation.
- NOTE: ALL Windows updates should be done prior to class.