Mobile Forensic Junior - 5 days
Description
The mobile phone has been evolving for several years as an extension of the workstation and is becoming a privileged target, because it is as close as possible to data. The digital investigation of this type of device aims to identify traces linked to criminal activities, to detect traces of malicious actions and compromise of the mobile phone.
This training aims at presenting the main artifacts present in the Android and iOS environments and to use an open source toolkit in order to analyze them. Adapted analysis methodologies will be presented in order to overcome the black box approach of certain systems and their pre-installed applications which complicate the audit of the phone.
This training exclusively addresses the case where the unlocking secrets of the phone are known.
-
5 days (35 hours)
-
2 mobile exploitation systems: Android & iOS
Public and prerequisites
This training is suitable for people with knowledge of security or Linux system administration. It is mainly aimed at IT teams wishing to have first-level methods for investigating phones and who do not have software dedicated to this activity. More generally, anyone wishing to enrich their professional career with a security component in the mobile field.
-
IT teams
-
System administrators
-
Security teams
Concepts of offensive security and good Unix knowledge are recommended to follow this training.
iPhone and Android phones are provided during the training for the hands-on exercises.
Content
Day 1
Introduction: objectives, getting started and overview of mobile investigation. Mobile forensics fundamentals: acquisition, information source, main formats of interest, timestamp management. iOS fundamentals: representation of the architecture and main services, security model, acquisition methods, file systems, specific data formats.
Day 2
iOS system artifacts: review of the activity of the entire phone by searching for various execution traces or presence of applications. iOS application artifacts: presentation of native applications and third-party applications (activity analysis, specific data).
Day 3
Analysis method: network capture, encrypted backup and sysdiagnose. Android fundamentals: architectures, OEMs, security model, acquisition methods, file systems, specific data formats.
Day 4
Android system artifacts: review of the activity of the entire phone by searching for various execution traces or presence of applications. Android application artifacts: Presentation of native applications and third-party applications (activity analysis, specific data).
Day 5
Malicious APK analysis: static and dynamic analysis methodology and tools. Live analysis with ADB.