Dive into recovering and analyzing hidden call history data, deleted images, SMS messages, and more.

Introduction to Mobile Forensics  

Course Objectives:
This course provides students the fundamental concepts to perform physical and logical data extraction from mobile devices in a manner that the integrity of the process is maintained to preserve evidence. The explosive growth of mobile device uses and capabilities has provided important digital evidence that can be crucial in a variety of investigations. Much more than just a tool that is used to communicate, the mobile device has become a mini supercomputer in our pocket, recording much more than the average user is aware of.

Participants in this course will learn about how mobile devices work, the basics of the underlying network that powers these devices, and the vast amount of data these devices hold that can be useful during an investigation.

Using industry-standard tools, participants will gain experience analyzing data from real mobile devices. They will learn the proper evidence handling techniques to prevent data loss and contamination and how to analyze and verify data recovered from these devices. Data that can include not only communication data like call logs, contacts, and SMS messages but also location-based information, search history, deleted data recovery, and more.   


  • Different types of mobile devices
  • Identifying pieces and parts of mobile devices that contain data
  • Proper evidence handling of mobile devices
  • Extraction of data from mobile devices using industry-standard tools
  • Pitfalls and difficulties of data extraction
  • Password and Encryption and how to handle it
  • Analysis of data using industry-standard tools
  • Advanced analysis including database analysis and data carving
  • Discussion of advanced extraction techniques including JTAG, ISP, and chip off
  • Challenges of mobile forensics (device diversity, proprietary hardware/software, data across multiple devices and platforms)