Advanced Smartphone Forensics

Perfect your Mobile Forensic skills

  • Background knowledge on operating systems, encryption and other security mechanisms
  • Advanced data extraction techniques
  • Dealing with sensitive points in the forensic analysis (location data, timestamps, etc.)
  • Professional search in large amounts of data by using regular expressions
  • Continuous update of contents, depending on market developments

Why should you attend this training?

Do you want to get a better grasp on the correct interpretation of location data, time stamps, etc.? Your forensic toolkit lets you down and you are looking for more options? You want to gain detailed knowledge about the functionality of mobile operating systems and security mechanisms in smartphones? The Advanced Smartphone Forensics is a training for mobile forensic professionals who want to sharpen their knowledge and gain advanced techniques for mobile device extraction and analysis.

This training is aimed at experienced forensic professionals who are familiar with the extraction and analysis of mobile devices with Cellebrite UFED, MSAB XRY or similar toolkits. The training teaches valuable background knowledge, the correct interpretation of complex data, as well as advanced techniques that go beyond the capabilities of common forensic toolkits.

The training includes:
  • Demo smartphones
  • Exercises with solutions
  • Exams
  • Certificates
  • Participant guide with detailed description of all training content (includes step-by-step instruction and examples)


The training contents are continously updated, therefore we ask you to contact us if you are interested in this training to ensure that you are up-to-date.

L2A.1 Smartphone operating system: Android
  • Android architecture and security concept
  • Filesystem structure
  • Android Update: Lifecycle
  • Forensic possibilities
L2A.2 Smartphone operating system: Apple iOS
  • iOS architecture and security concept
  • Filesystem structure
  • Particularities analysing iOS devices
  • Forensic possibilities
L2A.3 Advanced extraction techniques
  • Rooting and service modes
  • Bootloaders and TWRP
  • JTAG, ISP and Chip-Off
L2A.4 Cloud
  • Introduction into Cloud
  • Functionality of a cloud network
  • Forensic obstacles and opportunities
  • Possibilities to extract cloud data
L2A.5 Unlocking
  • Current situation
  • Unlocking options for:
    • Android
    • iOS
    • Windows & Blackberry
L2A.6 Timestamps
  • Correct interpretation of time stamps
  • Identification of manipulations
  • Case: When was a photo created?
L2A.7 Location data
  • How is location data created?
  • Correct interpretation of location data
  • Side note: Camera Ballistics
  • Exercise: Practical validation of location data
L2A.8 Hex search
  • Binary and hexadecimal system
  • Encodings
  • Working with Hex-viewer in Cellebrite UFED
  • Manual search and interpretation of raw data
  • Analysis of SQLite databases with hex viewer
L2A.9 Regular expressions
  • Syntax regular expression
  • Exercise: Understanding example expressions
  • Exercise: Designing own expressions
L2A.10 Anti-Forensics
  • Methods to protect mobile data from unauthorized access
  • Perimeter, encryption, trail obfuscation, etc.

The training contents can be adapted to your personal requirements.

If you have further questions, feel free to contact us: or +43 1 929 15 91 – 60.

Mobile Phone Extractions & Analysis Training

Learn the basics of mobile forensics – tool independend & precise knowledge for daily work

Advanced Smartphone Forensics Training

Unlocking, advanced extraction methods and other skills beyond toolkit capabilities

SQLite Forensics for Smartphones

Get additional information from databases & retrieve deleted data