Loading Map....

Date/Time

Date(s) - Mon, Aug 07, 2017 - Fri, Aug 11, 2017
9:00 am - 5:00 pm

Location

Wild Manta -- DSI Training Site


CELLEBRITE CERTIFIED OPERATOR COURSE (CCO)

REGISTER FOR THIS EVENT

ufedtouch2_10jul2015cellebrite-insert

Level:  Intermediate

Target Audience:  Investigators, Technicians, CSI Staff, Forensics

Length:  2 days
Delivery Mode:  Instructor Led  Training or Web-Based Training

The Cellebrite Certified Operator (CCO) course is a 2-day intermediate level certification program which builds on the concepts from the CMFF course and is designed for those participants who are tasked with extracting data in a forensically sound manner using UFED Touch or UFED 4PC.

This course is designed to teach data extraction team members such as technically savvy investigators, digital forensic examiners, IT staff, internal affairs investigators, first responders and personnel designated to handle extraction of digital evidence how to perform extractions on a variety of devices. These extractions include logical, file system and physical extractions
from mobile devices as well SIM cards, and external storage such as SD cards.  Participants in this course will gain a basic understanding of how to open the extractions in Physical Analyzer software, conduct basic searches and how to create bookmarks and reports. Students achieve the CCO certification upon passing a knowledge test and practical skills assessment with a score of 80% or better. The only way to earn this CCO certification is by taking the exam along with an associated course, there is no test out available.

Course Objectives:

  • Learn how to handle mobile devices
  • Understand data encoding schemes
  • Install and configure UFED Touch/UFED 4PC
  • Learn best practice when conducting extractions
  • Conduct device extractions
  • Conduct SIM and SD card extractions
  • Learn how to open extractions in Physical Analyzer
  • Learn how to conduct basic searches, and create reports using Physical Analyzer
  • Demonstrate proficiency by passing an exam

Module Breakdown:

Introduction
1 Hour (50 min. seat time)

  • Course introduction and administration
    Course materials
    Instructor introductions
    Participant introductions
    Cellebrite overview

Forensic Handling of Mobile Devices
2 Hours (125 min. seat time)

  • Recognize legal considerations for seizing and searching devices
  • Identify evidence handling procedures on scenes involving mobile devices
  • Use UFED Phone Detective to identify a specific mobile device
  • Recognize various locking mechanisms found on mobile devices
  • Practice applying best practices when seizing devices to a mock scenario

UFED Touch and UFED 4PC
1 Hour (50 min. seat time)

  • Learn about the components for the UFED Touch and UFED 4PC
  • Learn how to license UFED technology
  • Learn to update the firmware
  • Install UFED 4PC
  • Configure UFED Touch and/or UFED 4PC

Cellebrite Extraction Methodology
6 Hours (300 min. seat time)

  • Identify best practices for digital forensic extractions
  • Practice forensically sterilizing media
  • Complete SIM card extractions using UFED Touch/4PC
  • Conduct SD card extractions in a forensically sound manner
  • Use the UFED Touch/4PC and Physical Analyzer to conduct device extractions
  • Complete the removal of a passcode from a locked device using
    UFED Touch/4PC
  • Describe how to use UFED Camera Services

Media System Files & Encoding
1 Hour (50 min. seat time)

  • Basic flash memory characteristics
  • Data encoding schemes to include: Binary, Hexadecimal, ASCII,
  • Unicode, Big Endian/Little Endian, and Nibble
  • Wear Leveling and Garbage Collection as it relates to data on flash
    memory

Introduction to Analyzing User Data
1 Hour (50 min. seat time)

  • Basic Physical Analyzer Configuration
  • Open extractions with Physical Analyzer
  • View data in Physical Analyzer
  • Learn to bookmark items of interest

Reporting on Technical Findings
1 Hour (50 min. seat time)

  • Understand the fundamental elements of a report
  • Understand reporting options within UFED Physical Analyzer
  • Create a report based on evidentiary items

Certification Examination
1 Hour (60 minute timed exam)

The CCO examination is a timed certification examination consisting of
25 randomly selected knowledge and practical questions related to:

  • Handling mobile devices
  • Data encoding schemes
  • UFED Touch/UFED 4PC extraction process
  • Best practice when conducting extractions
  • SIM extractions and cloning
  • SD card extractions
  • Opening extractions in Physical Analyzer
  • Conducting basic searches in Physical Analyzer
  • Creating reports using Physical Analyzer

CELLEBRITE CERTIFIED PHYSICAL ANALYST COURSE (CCPA)

Level:  Advanced
Target Audience:  Investigators, Forensics
Length:  3 days
Delivery Mode:  Instructor Led Training or Web-Based Training

The Cellebrite Certified Physical Analyst (CCPA) course is a 3-day advanced level program designed for technically savvy investigators, digital evidence analysts and forensic practitioners. As this course focuses on the analysis and advanced search techniques using UFED Physical Analyzer, participants will NOT be conducting extractions from devices in this course. UFED Physical
Analyzer software will be used extensively to explore recovered deleted data, database contents, advanced search and analysis techniques, verification and validation, and reporting.

Students will achieve the CCPA certification if they take and pass a knowledge test and practical skills assessment with a score of 80% or better. The only way to earn the CCPA certification is by taking the exam along with an associated course, there is no test out available.  It is strongly recommended that students in this course complete the
Cellebrite Mobile Forensics Fundamentals (CMFF) course or test out, as well as the Cellebrite Certified Operator (CCO) course prior to attending.

Course Objectives:

  • How to conduct advanced analysis on mobile devices
  • Advanced search and analysis techniques
  • Verification and validation of findings
  • Generating custom reports
  • Demonstrate proficiency by passing an exam

Introduction
1 Hour (50 min. seat time)

  • Course introduction and administration
  • Course materials
  • Instructor introductions
  • Participant introductions
  • Cellebrite overview

UFED Physical Analyzer Overview
2 Hour (100 min. seat time)

  • Install Physical Analyzer
  • Install the Translation Package
  • Understand licensing options
  • Configure Physical Analyzer
  • Open extractions with Physical Analyzer
  • View data in Physical Analyzer

Android Overview and Analysis
4 Hour (200 min. seat time)

  • Understand a brief history of Android
  • Understand the popularity of Android
  • Understand Linux hardware
  • Understand the Android and file system
  • Understand key aspects of Android security
  • Understanding the value of Android to investigators

iOS Overview and Analysis
4 Hour (200 min. seat time)

  • Understand a brief history of Apple iOS
  • Understand the popularity of Apple iOS
  • Understand Apple hardware
  • Understand the Apple iOS and file system
  • Understand key aspects of Apple iOS security
  • Understanding the value of Apple iOS to investigators

Advanced Functions
5 Hour (250 min. seat time)

  • Using the Open > Advanced function
  • Analyzing location information
  • Using the translation function
  • Wear Leveling and Garbage Collection
  • Conducting a byte search and manually bookmark data
  • Conducting searches for 7-Bit
  • Using RegEx (regular expression) searches

Verification and Validation
1 Hour (50 min. seat time)

  • Conduct verification and validation of data decoded within the
    Physical Analyzer tool

Plug-Ins and Chain Manager
1.5 Hour (75 min. seat time)

  • Learn about the Plug-in Chain Manager and its capabilities
  • Demonstrate your ability to use the Plug-in Chain Manager

Reporting
1 Hour (50 minute timed exam)

  • Understand reporting options within UFED Physical Analyzer
  • Create a report based on evidentiary items

Certification Exam
1.5 Hours (90 min. time exam)

The CCPA examination is a timed certification examination consisting
of 40 randomly selected knowledge and practical questions related to:

  • Opening extractions in Physical Analyzer
  • Veiwing data in Physical Analyzer
  • Android operating system history and analysis
  • iOS history and analysis
  • Wear leveling and garbage collection
  • Data encoding
  • Plug-in chains
  • Creating reports using Physical Analyzer

REGISTER FOR THIS EVENT

If additional details are needed please contact jchurch@digitalshield.net or Joe Church at 321-704-1336.

Hotel Information for Event:

Comfort Suites
1175 Malabar Road Northeast
Palm Bay, FL 32907
(321) 369-1234

 

Holiday Inn Express Hotel & Suites Palm Bay
1206 Malabar Road Southeast
Palm Bay, FL 32909
(321) 220-2003
Airport:
Melbourne, Florida Airport (MLB) (15 Minutes Driving Time)

Orlando International Airport (MCO) (One hour driving time)

POC: Joe Church 321-704-1336

 

PLEASE  NOTE:  This course is a Cellebrite Vendor course, and payment will be made directly to Cellebrite through the Cellebrite Learning Center (www.cellebritelearningcenter.com).  Once you have registered, you will receive an email with next steps for payment.

NOTE:  Classes are subject to cancellation if there are not at least 8 participants signed up for the class.  If cancellation does occur, each participant will be notified at least two weeks prior to start of the class.  Please hold off making any fights or hotel accommodations until two weeks prior to the class.  

Digital Shield is NOT responsible for costs associated with cancellation of classes such as flight and hotel accommodations for participants.  Cost of the training class would be reimbursed back to the participant 100%.

Bookings

Bookings are closed for this event.