Cellebrite Advanced Smartphone Analysis (CASA) Course - Advanced

Level - Expert

Course Length: 4-Days

Cost of CASA: $2,995 USD - Instructor-Led

By passing an examination and practical skills assessment in this course, you will earn the Certified Evidence Repair Technician - Forensic credential.

The Cellebrite Advanced Smartphone Analysis (CASA) class is an expert-level, four-day, twenty-eight-hour course led by Cellebrite Certified Instructors (CCIs). During this Expert Series course, students will take an in-depth look into the challenges presented by iOS, Android and Windows Mobile devices. This hands-on class focuses on forensic recovery of application data in SQLite databases and defeating passcodes. Students will also learn about analyzing user data in iOS, Android and Windows Mobile devices. In addition to Cellebrite Physical Analyzer software, a variety of forensic investigative methods are used to get the information you need.

NOTE: It is strongly recommended that students attending this course complete the Cellebrite Mobile Forensics Fundamentals (CMFF) course (or test out of it), the Cellebrite Certified Operator (CCO) course, and the Cellebrite Certified Physical Analyst (CCPA) course prior to attending.

The CASA course is comprised of the following modules and lessons:

1. Introduction

2. SQLite Database Structure

  • Identification of SQLite databases.
  • Identification of SQLite database structures.
  • Understand how data is stored within SQLite databases.
  • Understand how SQLite tables are joined.
  • Understand what happens when data is deleted from an SQLite database.
  • Identify functions that may destroy data.

3. OS Overview and Analysis

  • Review the evolution of iOS.
  • iOS demographics and device identification.
  • iOS file system and artifacts.
  • Cellebrite UFED support for iOS analysis.
  • iOS extraction analysis with Physical Analyzer.
  • Property list structures.

4. iOS Device Passcodes

  • Identification of iOS devices.
  • Simple and Complex passcodes.
  • Touch ID – time limits and investigative implications.
  • Recovery of simple and complex passcodes.
  • Using the pairing record to bypass security and extract evidence without the passcode.

5. iOS and iCloud Backups

  • Location of iOS backup files.
  • Naming convention of an iOS backup.
  • Handling Encrypted iOS Backup and Extractions.
  • iCloud Evidence.
  • Processing an iOS Backup.

6. Android Overview

  • The evolution of Android OS.
  • Android file systems.
  • Cellebrite UFED support for Android.
  • Extraction and analysis.
  • Extraction methods from Android devices.

7. Android System Artifacts

  • File Systems mounted on an Android device.
  • Wireless networks to which an Android device connects.
  • Partitioning schemas used by Android devices.
  • Other system artifacts important to an investigation.

8. Android User Artifacts

  • Analyze user data found on Android devices.
  • Understand and analyze Android applications.
  • Examine SD card data.
  • Decoding Google Maps data.

9. Windows Mobile Operating System

  • The evolution of Windows Mobile OS.
  • Windows Phone file systems.
  • Cellebrite UFED support for Windows Phone extraction and analysis.
  • Decoding Google Maps data.

10. Windows Phone System Artifacts

  • File systems mounted on a Windows Phone.
  • Wireless networks to which a Windows Phone connects.
  • Partitioning schemas used by Windows Phones.
  • Other system artifacts important to an investigation.

11. Windows Phone User Artifacts

  • Internet Explorer artifacts.
  • SMS messages analysis.
  • MMS messages analysis.
  • User contact analysis.
  • Other artifacts created during the user’s interaction with a Windows Phone.


Last modified: Tuesday, 16 May 2017, 12:11 PM