Advanced Smartphone...
 
Notifications
Clear all

Advanced Smartphone Forensics Training

6 Posts
5 Users
0 Likes
523 Views
(@zuberb)
Posts: 4
New Member
Topic starter
 

Hello all,

Looking for in-depth, soup to nuts mobile forensics training. I came across SANS Institute's FOR585 course. The course is $5,350, so I figured I'd ask if anyone in here had taken it, and if so, was it worth the money?

Here's the url http//www.sans.org/vlive/details/for585-11aug2015-heather-mahalik

Thanks,

Bryan

 
Posted : 31/05/2015 4:15 am
jhup
 jhup
(@jhup)
Posts: 1442
Noble Member
 

You will not find a single course with "soup to nuts mobile forensics training". You will have to take several courses in OS, software, firmware hardware, carrier and other areas to be "advanced" (in my opinion).

What area do you want to concentrate on? What is your end-goal?

 
Posted : 01/06/2015 3:54 pm
(@vootz)
Posts: 27
Eminent Member
 

I took FOR585 last summer which Heather taught and I'd highly recommend the course; probably one of the most, if not the most, comprehensive training on mobile analysis I've found out there. The class is definitely more geared towards the analysis phases (including mobile malware), not so much on actually taking an acquisition (but those steps are covered, as well as complexities, security, other "things to be aware of"). It also touches on firmware, carrier info, and so forth. You will use the commercial mobile phone analysis tools (UFED PA, XRY, some Oxygen) for analysis, although other open source and free tools were introduced (and I think she just wrote a book using on using open source tools to do analysis). The course strikes home how not to just rely on the tool reporting or front end analysis, and how you really have to dig deeper to find a ton of information and evidence (databases, hex, deleted, etc). Great course

 
Posted : 01/06/2015 4:17 pm
(@zuberb)
Posts: 4
New Member
Topic starter
 

jhup, completely understand and agree. I'm new to mobile forensics and just looking for value. I'd like to focus on learning how to find stuff the big name tools miss, which this course seems to teach.

Thank you vootz, that's what I was wondering. The description and advertising make it look like the most comprehensive, mobile-specific, and vendor agnostic course I've found. I just wanted to hear it from someone who has completed the course.

 
Posted : 01/06/2015 5:32 pm
(@merriora)
Posts: 44
Eminent Member
 

I agree with the information provided by Vootz. I took the course within the last year and it was one of the best courses I have taken so far with a lot of detailed information. The instructor (Heather) was really good and if you had a question she didn't know the answer for, she was quick to find the answer thru one of her many contacts. As a result of the training, I am pushing my company to send me on future SANS courses. The course also provides you with a lot of detailed books, lab materials and full licensed version of Windows with a custom VM provided for the course loaded with forensics trial software.

 
Posted : 01/06/2015 7:42 pm
pcstopper18
(@pcstopper18)
Posts: 60
Trusted Member
 

I also highly recommend SANS FOR585. I took it earlier this year with Heather as well and she does a great job presenting the information and teaching you the ins and outs. As noted before, acquisition is covered topically (in a very detailed manner) but no actual physical acquisition of devices is done. You need to take a course from Teel Tech or a similar vendor if you want more device hands on. The analysis is top notch and very applicable. I was able to put it to good use on the first case I had after taking the training. She is great with answering questions and getting feedback from other contacts as previously noted as well.

She recently co-authored a book called Practical Mobile Forensics (PAKT publishing). You can check that out as well and it will give you a great look into what is taught in the class as well as being a great reference.

SANS offers very good training in general. I have yet to have a bad experience. The team that works in the forensics area are all top notch (Heather, Rob Lee, etc.). The training is practical, applicable and immediately useful. You learn the about systems, files, and artifacts, never just tools. The only downside is the cost. That has and continues to be my biggest gripe, so just know that it will be about 5k unless you are LE or you do their work study program.

Hope that helps!

 
Posted : 01/06/2015 9:29 pm
Share: