Most comprehensive ...
 
Notifications
Clear all

Most comprehensive mobile forensic tool?

11 Posts
6 Users
0 Likes
515 Views
(@redalert)
Posts: 3
New Member
Topic starter
 

If you were to obtain training on mobile forensics, what would you pick? I am looking for the most comprehensive tool as well as the best overall training. I understand the value of vendor neutral training, I am currently a CFCE. The best vendor neutral training I find is the SANS training, however that runs a hefty 5K.

Suggestions, from the front lines much appreciated.

 
Posted : 04/06/2014 2:19 am
(@forveux)
Posts: 20
Eminent Member
 

What other courses have you turned up in your search? Which country are you in? How far would you be willing to travel for training? I'm not from the front lines whatsoever, but answering these questions may help get a more tailored answer in regards to your situation.

 
Posted : 04/06/2014 10:38 am
(@redalert)
Posts: 3
New Member
Topic starter
 

Very fair. Sorry newbie status.

I am in the US. Willing to travel anywhere domestically for the training. Currently I have highlighted Parabin, AccessData, Oxygen as the three top contenders but that is only due to popularity of the tools which may or may not be reflective of their popularity inside the courtroom.

 
Posted : 04/06/2014 7:26 pm
(@dcs1094)
Posts: 146
Estimable Member
 

As your in the US, take a look at Teel Technologies. They have been highly recommended in the past!

 
Posted : 05/06/2014 12:46 am
(@mobileforensicswales)
Posts: 274
Reputable Member
 

Most comprehensive tool Cellebrite/XRY very close contenders, both have pros and cons, different levels of skills needed to get into both.

Training wise in the UK I cannot recommend Kevin Mansel of Control F forensics enough to give a newbie a good baseline of knowledge as well as his expert series.

All the best in your upcoming career. If you dig deep enough and do your research you will do very well.

Youtube is defiantly your friend for dis assembly guides

 
Posted : 05/06/2014 1:44 am
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

For mobile forensics the clear stand out tools are Cellebrite UFED and Microsystemation XRY, if you want vendor specific training IMO you would be wasting your time with anyone other than one of those two.

You are fortunate being in the US as by comparison to us poor Australians you have fantastic access to training.

 
Posted : 05/06/2014 6:28 am
(@trewmte)
Posts: 1877
Noble Member
 

Funnily enough a similar question appeared on LinkedIn about becoming a mobile phone examiner and at this early stage it is pretty much agreed that vendor training offers the solution to certify the person is capable to use their tool correctly, but does not certify the person is a mobile phone examiner.

Alternatively, training courses that impart (and the person gains) experience proves far more valuable in order to know which tools (note the plural) to buy.

I am more of an advocate of the second option because I train others and have learned first-hand the concepts people have when first coming into a training course and become aware of their concepts changing quite significantly after they finish the course. However, I have equally performed vendor training even though I am not the manufacturer of the products. The vendor training was undertaken for two reasons. In the late 1990s early 2000s there were few tools around and the names/tools around today weren't there. Moreover, the examiners energy was spent on discovery and made the examiner learn the science, product and usage, skills of handling and examination following which it released value to the examiner to understand what is evidence and where it might reside. Later I changed to a more advanced tool because it helped me further demonstrate about how to find evidence and the tools open platform approach allowed for upgrade as new technology came along. Thus keeping open the door of opportunity to enhance my examination skills and look for a diagnosis and identify potential lines for prognosis.

It is very important when dealing with tools to understand (a) which tools allows you to inform yourself in order to translate the meaning of the evidence and (b) which tools tell you what it means by simply translating the answers for you. Both paths will bring you an education one way or another.

 
Posted : 05/06/2014 10:47 am
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

I completely agree that the vendor neutral training is both effective and essential, but sadly very expensive and with so many people offering training it becomes difficult to make sure you are getting relevant training from an experienced and knowledgeable person.

I've attended a few training courses (and even some university units) where the man at the front of the room knew very little about what he was trying to teach, but he was exceptionally good at writing up his CV and espousing his credentials P

I have developed very good relationships with all my vendors to the point that I find they are a good resource to find vendor neutral trainers, typically some of those trainers are former vendor employees D

My experience with vendor based training has been that the trainers are very knowledgeable about the subject itself and are not just 'expert tool users'. The good ones will take you through the underlying principals and talk about exactly what the tool is doing and how it parses the information.

The really good ones will show you how to do the same thing (where possible) with some open source software, mostly just to show you how much time their tool can save you, but it also has a good grounding effect to ensure the information sticks.

 
Posted : 05/06/2014 1:04 pm
(@trewmte)
Posts: 1877
Noble Member
 

Post deleted as I made an unintended repeat post of the one below.

 
Posted : 05/06/2014 5:56 pm
(@trewmte)
Posts: 1877
Noble Member
 

I completely agree that the vendor neutral training is both effective and essential, but sadly very expensive and with so many people offering training it becomes difficult to make sure you are getting relevant training from an experienced and knowledgeable person.

I've attended a few training courses (and even some university units) where the man at the front of the room knew very little about what he was trying to teach, but he was exceptionally good at writing up his CV and espousing his credentials P

I have developed very good relationships with all my vendors to the point that I find they are a good resource to find vendor neutral trainers, typically some of those trainers are former vendor employees D

My experience with vendor based training has been that the trainers are very knowledgeable about the subject itself and are not just 'expert tool users'. The good ones will take you through the underlying principals and talk about exactly what the tool is doing and how it parses the information.

The really good ones will show you how to do the same thing (where possible) with some open source software, mostly just to show you how much time their tool can save you, but it also has a good grounding effect to ensure the information sticks.

That is a fair assessment adam and not one I disagree as it again underpins the opinion that more than one tools is needed, which should further assist the OP's original question that there is no one tool solution.

 
Posted : 05/06/2014 6:15 pm
Page 1 / 2
Share: