Cellebrite Advanced Smartphone Analysis - Online On Demand

Course type: On Line On Demand
Region: North America
Location: On demand
Log in to see the options to register for this course. If you do not already have an account, create your FREE account. Creating an account does not obligate you to enroll or pay for classes.

About this course



To participate in this On-Demand course, students must have:

  • Access to licensed either a UFED Touch2 or UFED4PC to use during the course.
  • A computer capable of running UFED Physical Analyzer software.
  • A dongle or software license to use UFED Physical Analyzer software.
  • An active internet connection to take this course online.

Cellebrite will provide students with:

  • On Line On Demand Class - The learning environment used to deliver the class.  Access to the Online On Demand class is provided by Cellebrite for 90 days after purchase.
  • Student Manual - Provided by Cellebrite Training in your Student Kit* shipment.
  • USB Drive with Student Resources  - Included in your Student Kit* which the student gets to keep. 
  • Student Downloads, Data Sets, and 3rd party applications - Provided by Cellebrite Training within the class environment and/or USB Drive.
  • NOTE: Estimated delivery of shipments is 5 - 7 days after payment and enrollment are complete.

Students who do not already have or have access to currently licensed Cellebrite hardware and software are encouraged to take one of our Instructor-Led or Live Online classes.

Course Access

Students have a 90-day limited time period to access and complete all content, activities, and exams for this class. Access begins on the day the student’s enrollment is confirmed (voucher consumption) and can be monitored in the top left-hand menu of the class homepage, by use of a timer which shows students the number of days remaining for their access.

  • Although this is a self-paced fully online class, we suggest students follow a similar schedule to the instructor-led format (provided in the next section) in order to ensure they successfully complete the entire class, before their access period expires.
  • In the event that additional access time is needed, the student must wait until the number of days reaches 0 days, at which point the countdown will become a button to request an extension of 30-days. You will not be able to request the extension prior to the expiration of those days, to ensure you get an additional full-term for the request.
  • Extension requests typically take 1-2 business days to review/approve and limited to a one-time request. If the student fails to complete the course after the approval of the 30-day extension, you may be required to purchase the class again and start over.

About CASA: 

By passing an examination and practical skills assessment in this course, you will earn a certification in Cellebrite Advanced Smartphone Analysis.

The Cellebrite Advanced Smartphone Analysis (CASA) class is an expert level four-day, 28-hour course lead by Cellebrite Certified Instructors (CCIs). During this Expert Series course, students will take an in-depth look at the forensic recovery of application data found in today’s smartphones. This class is recommended for those familiar with UFED Physical Analyzer or who have completed the CCPA course. In this course, participants will learn how to decode information which is not decoded by forensic tools. They will also utilize third-party software and Python scripts to analyze, verify and validate findings.  This course uses advanced functions in UFED Physical Analyzer software, attending CCPA prior to this course is strongly recommended.

NOTE: It is strongly recommended that students attending this course complete the Cellebrite Mobile Forensics Fundamentals (CMFF) course or test out, the Cellebrite Certified Operator (CCO) course, as well as the Cellebrite Certified Physical Analyst (CCPA) course prior to attending.

Learning objectives

NOTE: It is strongly recommended that students attending this course complete the Cellebrite Mobile Forensics Fundamentals (CMFF) course or test out, the Cellebrite Certified Operator (CCO) course, as well as the Cellebrite Certified Physical Analyst (CCPA) course prior to attending.

The CASA course is comprised of the following modules and lessons:

1. Introduction

2. SQLite Database Structures

  • Identify mobile device hardware 
  • Identify SQLite databases 
  • Identify SQLite database structures 
  • Explain how data is stored within SQLite databases 
  • Explain how SQLite tables are joined 
  • Discuss what happens when data is deleted from an SQLite database and recovery of data 
  • List functions which may destroy data 
  • Use scripts to extract and analyze binary large object (BLOB) data from databases 
  • Assemble unsupported and new applications using UFED SQL Builder

3. iOS Overview and Analysis

  • Provide a brief overview of iOS demographics 
  • Learn how to identify iOS devices 
  • Describe the structure of the iOS file system 
  • Discuss Cellebrite UFED support for iOS analysis 
  • Analyze iOS extractions with UFED Physical Analyzer 
  • Identify and decode data stored as base64 data from binary plist files 
  • Analyze various artifacts such as health data, data usage, and preference files to support and use in your investigations 
  • Review a processed application for additional relevant data 
  • Parse an unsupported application using the SQL Builder and incorporate the data into Physical Analyzer 
  • Use Python to obtain additional data from Safari and Webkit to aid in web investigations 
  • Learn new artifacts from full file system extractions, such as those from Cellebrite Services and Gray Key

4. iOS Device Access

  • Identifying iOS device hardware 
  • iOS passcodes 
  • Touch ID – time limits and investigative implications 
  • Recovery of simple and complex passcodes 
  • Various methods for potentially gaining access to locked iOS devices

5. iOS and iCloud Backups

  • Identify where iOS backups can be found 
  • Identify iOS backup folder structures 
  • Understand how to handle encrypted iOS Backups and Extractions 
  • Obtain iCloud backup files and how Physical Analyzer handles them 
  • Use open source software to crack the password of an encrypted backup 
  • Learn to use iOS settings to potentially remove the backup password

6. Android Overview

  • Briefly recount the evolution of the Android operating system since its availability in 2007 
  • Identify the different file systems commonly used by Android devices 
  • List the Android devices, file systems, and applications supported by Cellebrite UFED Series 
  • Be familiar with the various extraction methods with Android devices 
  • Understand the various types of Android encryption and possible bypasses

7. Android System Artifacts

  • Discuss how to determine which file systems have been mounted on an Android device. 
  • Locate and analyze relevant system logs, Android artifacts, and device files 
  • Discuss partitioning schemas used on Android devices
  • Look at other applications which may prove valuable to an investigation
  • Locate and decode application usage logs 
  • Identify and parse data from Android User account files

8. Android User Artifacts

  • Decode call logs and timestamps 
  • Track a downloaded files movement within an Android device 
  • Identify media locations 
  • Be able to interpret cloud-based storage accounts used on a mobile device 
  • Decode information related to applications which are not automatically decoded by any forensic tools 
  • Use Python scripts to assist in decoding data 
  • Locate relevant user data items data from both supported and unsupported applications used on a device
  • Decode and parse Google Maps data 
  • Recover additional Chrome and browser-based data to include in your investigations