Course Number
Primary Program
Course Format

This course introduces the student to the field of applied Mobile Device Forensics as practiced by corporate security and law enforcement personnel. The emphasis is on “live” (powered-on) data extraction and analysis of Linux-based Android mobile devices/cell phones with open-source tools. Topics covered include data extraction from a “live” system; cell phone file systems (EXT/YAFFS) and data recovery; cell phone configuration records; Android/Linux log analysis and operating system artifacts; memory dump analysis (NAND); Android Operating System application artifacts to include SMS/MMS messaging apps, contacts list, calendar, Gmail, browser bookmarks/searches, call logs, picture/video, and GPS/maps; installed application artifacts such as Facebook, Twitter, and TikTok; cell phone network forensics; Subscriber Identity Module (SIM) card analysis; and Secure Digital (SD) card analysis.