Mobile Forensic Certifications

[quote="jekyllIf I was paying big $ for training, I'd rather spend it first on the stuff that really benefits having an expert teach you rather than how to push a button. Learning the tools is important, but nothing beats fundamental understanding and being armed with alternatives to validate tools, find new evidence or work around problems.

So can anyone recommend a good overall US based class that isn't vendor specific?

So can anyone recommend a good overall US based class that isn't vendor specific?

[…]
More seriously, SANS now have a mobile forensic course

http//computer-forensics.sans.org/course/description/mobile-device-forensics-1297
[…]

Just to help out on this thread, and give more information on the MFCE or Mobile Forensic Certified Examiner course I thought I would personally answer any questions that you might have. First, let me give you a little background on why I started this process.

Mobile Forensics Inc is and has always been a non vendor training company since it's start in 2004. We have always utilized all tools available to extract the maximum amount of data, from the first DataPilot Corporate edition to today's XRY. If you are not using multiple tools then you will be missing a vast amount of data during your examination, simply because no tool can extract everything from every device. In our training courses we have always stressed a forensic examination and how to complete this examination whether you are using a vendor's tool, open source tool or hardware service devices. This type of examination is stressed in our 202 course where we don't use vendor tools, but learn how these vendor tools are actually extracting data (and also what they are missing). If you can examine a device in a forensic manner and have this examination be repeatable under the same conditions you are way ahead of the masses currently touting themselves as cellphone forensic analysts. This is why the MFCE process was began, to try and get ahead of the questioning instead of waiting to be reactive when we are made to follow a procedure. I have written about this very fact on the MFI blog. You can read more at blog(DOT)mobileforensicsinc(DOT)com

The MFCE process is not a vendor process like the PCME. Candidates can use any tool, any method and training. Rightly so, MFI, did start the process, but a group of examiners developed the problems that are covered. It is the coach's job to make sure the candidate comes to the sought conclusion to the problem, no matter how they get to it. We stress the process, not the tools. Granted, the are some tools that will work better than others, but no tool is mandatory or made to be purchased just to complete the process. The candidates do not have to attend MFI classes to be eligible to apply, but the candidates must have some advanced training and experience. We require this because the object is not to just take a candidates money and have them fail the process because they did not have a clue about processing cellular phones. So we will turn away candidates if they do not have adequate training and request they get some more training before re applying. Yes some that do have adequate training fail, but again if it is a true process you will have failures.

Each coach has been through the process and each problem given to the candidates. The problems cover topics from formulating a forensic process, developing SOPs to the actual examination of live devices. The process covers understanding that if data changes on the device how can I identify this, and if I can identify the changed data; is it userdata or system data. The MFCE certification is not whether or not I can operate the software correctly.

Postings that I see in this thread are really just assumptions taken from a website. One person was actually explaining they have been through the MFCE and could shed light into the process, but instead is bashed by individuals who have formulated their opinions based on a website's information. This would be like conducting your examination of a device simply by looking at it. Some poster even went so far as critiquing the CAPITALIZATION of a word on the MFCE site calling it amateurish. I don't know who you are forensicakb, but I am sure if you met me I could convince you I am far from an amateur in this arena. If anyone has any other questions on the process please feel free to email me at lee(AT)mfitraining(DOT)com.

Thank you for your time,

Lee Reiber

Thanks Lee for coming in on the conversation and giving us some more info. This is the way to get the word out about what you are doing. I find a lot of courses and certifications are so gaurded, the only ones who know what the certification means are the ones who have done them.

BTW - if someone states they have an opinion based on capitalization of some letters, the rest of us know that opinion is not based on much.

The Paraben level 1 course is good,the MFCE rating should hold up in court as the hours of training are high,and the rating is provided by paraben after completion of time and testing,pricey but worth the $$.Should keep any CD atty on edge,plus the judges would accept it as credible based on the time and course syllabus just my half cent.am wwaiting to hit level 2 and 3,should be fun.