Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

DFIR Sneak Peek Course Animations | FOR585: Smartphone Forensic Analysis In-Depth

These FOR585 excerpt animations talk about possible problems you might encounter during mobile device investigations & provide tricks to uncover data.

Authored byViviana Ross

Mobile devices are often a key factor in criminal cases, intrusions, IP theft, security threats, accident reconstruction, and more. Understanding how to leverage the data from the device in a correct manner can make or break your case and your future as an expert. FOR585: Smartphone Forensic Analysis In-Depth teaches you those skills. 

We have produced excerpt animations of the course to talk about possible problems you might encounter during mobile device investigations and also some tricks on how to uncover evidence that you might not know.

FOR585 Course Animation: Potential Crime Scene iPhone and Android

This speaks for itself and you should watch it. At the scene of a crime data is constantly being created. Mobile devices, cell tower data, cloud data and more leave footprints that can tie a person of interest to a crime or exonerate them. 

This sneak peek animation of the FOR585 course will show you how traces are left behind and how the examiner can ultimately paint the picture of the crime using these artifacts.

FOR585 Course Animation: IMEI vs GSM

Mobile identifiers play a key role in investigations and enable us to identify models of phones, potential areas of usage, understand the potential for smartphone components (SIM, SD, etc.) and more. These identifiers help us understand the best way to extract data from the devices ensuring that we get the most data for analysis.

FOR585 Course Animation: How WAL Gets Populated Initial State

Understanding how a WAL and DB interact when applications are being used is a must in DFIR. When separated, the data may not merge and provide a complete answer. When together, the data is complete. This video explains how data exists in the WAL and DB and issues you may have if your tools don’t understand the concepts.

FOR585 Course Animation: Solid State Memory Properties

Wear leveling occurs on mobile devices to extend the life of the device. This process involves data being moved from one page to another, which means old data can be accessed by an examiner until the data is cleaned up.

Learn more about the FOR585: Smartphone Forensic Analysis In-Depth and available Online and In-Person teachings here

1245x705-FOR585_DFIR-2022.jpg

Meet the expert

Viviana Ross

Viviana has over 15 years in the Digital Forensics and Incident Response (DFIR) industry and started her career as a Director of Marketing at some of the top digital forensic hardware acquisition and evidence analysis companies.

Read more about Viviana Ross
DFIR Sneak Peek Course Animations | FOR585: Smartphone Forensic Analysis In-Depth | SANS