AX300 CIL – AXIOM Advanced Mobile Forensics
This course details the use of Magnet AXIOM’s imaging abilities, using the standard mobile device imaging methodologies as well as advanced imaging techniques like TWRP and recovery image flashing when things don’t go as expected or when you encounter locked devices.
For those occasions when even those approaches won’t work, this class also introduces the concepts of ISP, JTAG, and chip-off methodologies to gain access to the data on mobile devices. After obtaining access to the data, participants will leverage Magnet AXIOM Examine to explore the contents and leverage AXIOM’s hallmark ability to reveal a wealth of important investigative artifacts.
Duration: 4 days
1. Understanding iOS through walkthroughs covering advanced mobile acquisitions, jailbreaking and physical images, the iTunes Backup Service, Apple File Conduit, and iOS backup encryption.
2. Gaining access to encrypted backups and the iOS keychain with Passware.
3. Obtaining the image by any means necessary using advanced mobile device acquisition techniques including Chip Off, JTAG, and ISP.
4. Analyzing the difference between Full Disk Encryption (FDE) and File Based Encryption (FBE).
5. Using ADB commands on the command line to determine the encryption employed.
6. Utilizing direct imaging via recovery mode as well as TWRP to obtain the images.
7. Understanding root exploits and gaining access via exploits.
8. Locating iTunes backups and pairing records, and exploring backups, plist & org files, as well as converting SHA1 values.
9. Understanding what to do when unsupported apps are discovered and making sense of the raw data to create Custom Artifacts.
10. Leveraging XML and Python in your Magnet AXIOM investigations to recover even more data.
- You will build the abilities to investigate mobile devices from image acquisition, utilizing backups found on computer media.
- You will gain an understanding of mobile device operating systems, plists and SQLite databases.
- You will be able to locate and parse apps that are unsupported by forensic applications by developing custom artifacts.
what could you
- Practice and theoretical training
- Training materials
- A certificate of completion
who is the
- Service employees, policemen and persons with tasks related to computer forensics within the scope of their duties.
- Forensic analysts.
- Court experts, people responsible in corporations for responding to IT incidents, IT security specialists.
- Employees of IT security and SOC departments in companies.