Cellebrite Digital Forensics for Legal Pros (CDFL)

Level - Intermediate

Course Length - 2 Days

Delivery Mode - Instructor Led Training

The two-day Cellebrite Digital Forensics for Legal Professionals course is designed to educate personnel charged with the review, submission, and pursuit of justice using digital forensics evidence. The comprehensive course materials are used to engage class participants in hands-on exercises for familiarization with the devices and software used by digital forensic experts. Participants are provided with tools and solutions to verify the experts' claims, seek additional information from service providers to assist with timeline and location data, and conduct data analytics. Additionally, legal professionals are offered information on how to question the expert and prepare digital evidence witnesses for the court to present effective testimony.
The CDFL course is comprised of the following modules and lessons:
1. Introduction
  • The identification of digital forensic fundamentals. 
  • Descriptions of best practices for seizing digital evidence items.
  • An overview of mobile device form factors and operating systems.
  • An explanation of cellular technologies and network architecture basics.
  • Discussion on the use of flash memory mass storage.
  • Instruction on the potential uses for cellular device and network location data records.
  • Relate the need to question experts and prepare digital evidence witnesses.
2. Digital Forensics Fundamentals for Legal Professionals
  • Define the meaning of the term forensic science.
  • Describe what the term scientific method means.
  • Practice digital forensic science, not exploitation. 
  • Digital Forensic Science, not Exploitation
3. Best Practices for Seizing Mobile Devices
  • Explain what the term best practice means.
  • Digital and Physical Evidence Identification and Processing Terms
  • Forensically Wiping a Media 
  • Documentation to Maintain the MF Scientific Standards
  • Pre-and-Post Evidence Collection
  • Securing the Scene
  • Evidence Identification and Seizure
  • Collecting the Evidence
  • Device Radio Isolation, Packaging and Transport.
  • Radio Isolation
  • Airplane Mode
  • iOS Airplane Mode
  • Android Device Airplane Mode
  • Power Off or Leave Power On?
  • Packaging
  • Transport
4. Identifying Device and OSs
  • Useful Mobile Device Websites and Identification Tools 
  • Identifying Mobile Devices 
  • Feature Phones 
  • Smart Phone 
  • Enhanced Processor 
  • Graphics Processing Unit (GPU) 
  • MicroSD (a.k.a. TransFlash) Cards
  • Tablets 
  • Smart Watches
  • Drones 
  • IoT Devices 
5. Android Overview
  • Recount a historical overview of the Android operating system platform. 
  • Explain the reasons influencing popularity of Android devices and platforms. 
  • Describe Android hardware designs and technologies. 
  • Discuss the Android open-source Operating System and file system structure. 
  • Relate the different varieties of Android security features and complications the protection mechanisms present to examiners and investigators. 
  • Discuss the value of Android devices to investigators. 
  • Explore Android mobile device data extractions with the Cellebrite Physical Analyzer analysis software. 
  • Analyze an Android device data extraction to answer practical exercise questions.
6. iOS Overview
  • Recount a historical overview of the Apple iOS operating system platform.
  • Explain the reasons influencing popularity of iOS devices and platform. 
  • Describe Apple hardware designs and technologies. 
  • Discuss the Apple iOS Operating System and file system structure. 
  • Relate the different varieties of iOS security features and complications the protection mechanisms present to examiners and investigators. 
  • Discuss the value of Apple iOS devices to investigators. 
  • Explore Apple mobile device data extractions with the Cellebrite Physical Analyzer analysis software. 
  • Analyze an iOS device data extraction to answer practical exercise questions.
7. Cellular Technology and Terminology Overview
  • Provide a brief history of mobile network technology
  • Identify the parts of a cellular network
  • Explain how mobile phones communicate on cellular networks
  • Describe different handset transmission techniques
  • Basic Cellular Network Diagram 
  • Network Location Checks 
  • TDMA - Time Division Multiple Access 
  • iDEN - Integrated Digital Enhanced Network
  • CDMA - Code Division Multiple Access
  • TDMA vs. CDMA
  • GSM - Global System for Mobile Communications
  • CDMA vs. GSM
  • 5G - The Future 
  • Summary
8. SIM Cards
  • Accurately describe what a SIM card is
  • Identify the difference in SIM Card Versions
  • Outline the SIM card hierarchy
  • Explain how the SIM card may be used by the investigator
  • SIM Card Versions 
  • SIM Card and Stored Data 
  • Universal Subscriber Identity Module (USIM) 
  • SIM Security - PIN/PUK 
  • SIM Contacts 
9. Flash Memory
  • Understand how Flash Memory works
  • Understand NOR memory
  • Understand NAND memory
  • Understand the difference between NOR vs NAND
  • Understand Embedded MultiMedia Card – eMMC
  • Understand Universal Flash Storage 2.0 – UFS
  • Understand Mobile Phone Flash Memory File Systems
  • Understand Encoding
  • Understand Binary
  • Understand the 7 Bit SMS format
  • Understand Garbage Collection
  • Understand Wear Leveling
10. Mobile Device Unique Identifiers and New Technologies
  • Explain why unique mobile device identifiers are used.
  • Identify the parts of a cellular network
  • Explain how mobile phones communicate on cellular networks
  • Overview 
  • International Mobile Equipment Identity (IMEI) 
  • Mobile Equipment Identifier (MEID) 
  • Integrated Circuit Card Identifier (ICCID)
  • International Mobile Subscriber Identity (IMSI)
  • Mobile Station International Subscriber Directory Number (MSISDN) 
  • Unique Device Identifier (UDID) – Practical
  • IMEI / MEID - Practical 
  • Summary
11. Understanding Extraction Methods
  • Brief Review of File System Organization
  • SIM Extraction/ SIM Cloning - Practical 
  • Camera Services 
  • UFED Extractions 
  • Extraction Methods Options 
  • Logical Extraction Overview 
  • File System Extractions 
  • Physical Extraction Overview 
  • Boot Loaders
  • Cellebrite Extraction Client 
  • Overview of Advanced Techniques
  • Joint Test Action Group (JTAG)
  • Chip-Off
  • JTAG vs Chip-Off
  • Micro Read
  • In-System Programming (ISP)
  • Flasher Boxes
  • Flasher Box and Software Website
12. Location Data for Mobile Devices
  • Call Details Records
  • NELOS
  • Per Call Measurement
  • Activity Log
  • Real Time Tool
  • Triangulation vs Trilateration
  • Analyze location data identified in a mobile device data extraction.
13. Introduction to UFED Reader and Physical Analyzer
  • Perform an installation of Cellebrite UFED products on a computer workstation. 
  • All projects searches
  • Table searches
  • Advanced filtering
  • Tagging
  • Timeline
  • Report generation
  • Explore data extractions from mobile devices using the Cellebrite Physical Analyzer software. 
  • Demonstrate viewing data in the Cellebrite UFED Physical Analyzer interface.
14. Examination and Reporting for Digital Evidence
  • Describe the critical elements of digital forensic reporting. 
  • Discuss reporting options afforded to the practitioners using the Cellebrite UFED Physical Analyzer features. 
  • Relate vital forensic best practices related to the storage of electronic evidence devices and data.
  • Compile data from a mobile device extract using the Cellebrite Physical Analyzer filtering and tagging features, culminating in the generation of a digital forensic report.
  • Conduct authentication and validation testing of collected data, and generate reports using the Cellebrite Physical Analyzer forensic solution.
15. Questioning the Expert
  • Written Policies and Procedures
  • Did changes to data occur?
  • Voir dire hearing.
  • Exhibits or demonstrative evidence.
  • Consider the defense counsel's use of the digital evidence.
  • Best approach in testimony.
Supplement Module: Data Encoding
  • Binary
  • Hex
  • ASCII
  • Unicode
  • 7 Bit PDU

Last modified: Wednesday, 2 May 2018, 11:25 AM