Cellebrite Legal Professionals Training (CLPT)
2 days
Entry-level course
Course Description
The two-day Cellebrite Legal Professionals Training course is designed to educate personnel charged with the review, submission, and pursuit of justice using digital forensics evidence. The comprehensive course materials are used to engage class participants in hands-on exercises for familiarization with the devices and software used by digital forensic experts.
Participants are provided with tools and solutions for use to verify the experts' claims, seek additional information from service providers to assist with timeline and location data, and conduct data analytics. Additionally, legal professionals are offered information on how to question the expert and prepare digital evidence witnesses for the court to present effective testimony.
Participants are provided with tools and solutions for use to verify the experts' claims, seek additional information from service providers to assist with timeline and location data, and conduct data analytics. Additionally, legal professionals are offered information on how to question the expert and prepare digital evidence witnesses for the court to present effective testimony.
Course Content
Introduction
- The identification of digital forensic fundamentals
- Descriptions of best practices for seizing digital evidence items
- An overview of mobile device form factors and operating systems
- An explanation of cellular technologies and network architecture basics
- Discussion on the use of flash memory mass storage
- Instruction on the potential uses for cellular device and network location data records
- Relate the need to question experts and prepare digital evidence witnesses
Digital Forensics Fundamentals for Legal Professionals
- Define the meaning of the term forensic science
- Describe what the term scientific method means
- Practice digital forensic science, not exploitation
- Digital Forensic Science, not Exploitation
Best Practices for Seizing Mobile Devices
- Digital and Physical Evidence Identification and Processing Terms
- Forensically Wiping a Media
- Documentation to Maintain the MF Scientific Standards
- Pre-and-Post Evidence Collection
- Securing the Scene
- Evidence Identification and Seizure
- Collecting the Evidence
- Device Radio Isolation, Packaging and Transport
- Radio Isolation
- Airplane Mode
- Packaging
- Transport
Identifying Device and OSs
- Useful Mobile Device Websites and Identification Tools
- Identifying Mobile Devices
- Feature Phones
- Smart Phone
- Enhanced Processor
- Graphics Processing Unit (GPU)
- MicroSD (a.k.a Transflash) Cards
- Tablets
- Smart Watches
- Drones
- IoT Devices
Android and iOS Overview
- Recount a historical overview of the operating system platform.
- Explain the reasons influencing popularity of devices and platforms.
- Describe hardware designs and technologies.
- Discuss the Operating System and file system structure.
- Relate the different varieties of security features and complications the protection mechanisms present to examiners and investigators.
- Discuss the value of devices to investigator
- Explore mobile device data extractions with the Cellebrite Physical Analyzer analysis software.
- Analyze device data extraction to answer practical exercise questions.
Cellular Technology and Terminology Overview
- Provide a brief history of mobile network technology
- Identify the parts of a cellular network
- Explain how mobile phones communicate on cellular networks
- Describe different handset transmission techniques
- Basic Cellular Network Diagram
- Network Location Checks
- TDMA - Time Division Multiple Access
- iDen - Integrated Digital Enhanced Network
- CDMA - Code Division Multiple Access
- TDMA vs. CDMA\
- GSM - Global System for Mobile Communications
- CDMA vs. GSM
- 5G - The Future
- Summary
SIM Cards
- Accurately describe what a SIM card is
- Identify the difference in SIM Card Versions
- Outline the SIM card hierarchy
- Explain how the SIM card may be used by the investigator
- SIM Card Versions
- SIM Card and Stored Data
- Universal Subscriber Identity Module (USIM)
- SIM Security - PIN/PUK
- SIM Contacts
Flash Memory
- Understand how Flash Memory works
- Understand NOR memory
- Understand NAND memory
- Understand the difference between NOR vs NAND
- Understand Embedded Multimedia Card – eMMC
- Understand Universal Flash Storage 2.0 – UFS
- Understand Mobile Phone Flash Memory File Systems
- Understand Encoding
- Understand Binary
- Understand the 7 Bit SMS format
- Understand Garbage Collection
- Understand Wear Leveling
Mobile Device Unique Identifiers and New Technologies
- Explain why unique mobile device identifiers are used.
- Identify the parts of a cellular network
- Explain how mobile phones communicate on cellular networks
- Overview
- International Mobile Equipment Identity (IMEI)
- Mobile Equipment Identifier (MEID)
- Integrated Circuit Card Identifier (ICCID)
- International Mobile Subscriber Identity (IMSI)
- Mobile Station International Subscriber Directory Number (MSISDN)
- Unique Device Identifier (UDID) – Practical/=
- IMEI / MEID - Practical
Understanding Extraction Methods
- Brief Review of File System Organization
- SIM Extraction/ SIM Cloning - Practical
- Camera Services
- UFED Extractions
- Extraction Methods Options
- Logical Extraction Overview
- File System Extractions
- Physical Extraction Overview
- Boot Loaders
- Cellebrite Extraction Client
- Overview of Advanced Techniques
- Joint Test Action Group (JTAG)
- Chip-Off
- JTAG vs Chip-Off
- Micro Read
- In-System Programming (ISP)
- Flasher Boxes
- Flasher Box and Software Website
Locations Data for Mobile Devices
- Call Details Records
- NELOS
- Per Call Measurement
- Activity Log
- Real Time Tool
- Triangulation vs Trilateration
- Analyze location data identified in a mobile device data extraction.
Introduction to UFED Reader and Physical Analyzer
- Perform an installation of Cellebrite UFED products on a computer workstation
- All projects searches
- Advanced filtering
- Tagging
- Timeline
- Report generation
- Explore data extractions from mobile devices using the Physical Analyzer software.
- Demonstrate viewing data in the Physical Analyzer interface.
Examination and Reporting for Digital Evidence
- Describe the critical elements of digital forensic reporting.
- Discuss reporting options afforded to the practitioners using the Cellebrite Physical Analyzer features
- Relate vital forensic best practice related to the storage electronic evidence devices and data
- Compile data from a mobile device extract using the Physical Analyzer filtering and tagging features, culminating in the generation of a digital forensic report
- Conduct authentication and validation testing of collected data, generate reports using the Physical Analyzer forensic solution
Questioning the Expert
- Written Policies and Procedures
- Did changes to data occur?
- Voir dire hearing
- Exhibits or demonstrative evidence
- Consider the defense counsels use of the digital evidence
- Best approach in testimony
Supplement Module: Data Encoding
- Binary
- Hex
- Ascii
- Unicode
- 7 Bit PDU
Last modified: Wednesday, September 28, 2022, 6:10 AM