Windows Phone Forensic Analysis

Windows Phone Forensic Analysis Intermediate • Learning Management System (LMS)


This AccessData Windows Mobile training course covers the internals of Windows mobile devices, the way the OS is designed, and the way that the devices store data. We will uncover the way to capture these devices’ data. In the end, as in all other Mobile Forensics, Inc., courses, you as the examiner will be armed with the ability to perform forensic analysis both with automated tools and manually (to double-check the results of the tools). This course uses a multiple-tool approach to mobile phone forensics. We use both free and paid applications and teach the skills needed to find and process data with the aid of specialized software tools. There is no single tool that will process every cellular device in its entirety. Mobile Forensics, Inc., trains you to know where information lies on cell phones and how to extract that information—both with and without tools—so you can obtain the maximum amount of data from mobile devices.

Prerequisites

This course is intended for forensics professionals and law enforcement personnel who must conduct mobile device examinations utilizing multiple tools and a tested forensic process. To obtain the maximum benefit from this class, you should meet the following requirements:

• Read and understand the English language.
• Attend the AccessData MFI 101 Course or equivalent.
• Have previous investigative experience in mobile forensic case work.
• Be familiar with Windows mobile devices.

Class Materials and Software

You will receive the student training manual and CD containing the training material, lab exercises and class-related information.


For a complete listing of scheduled courses, visit http://www.accessdata.com/training/calendar-and-syllabi Some topics and items in this class syllabus are subject to change. This document is for information purposes only. AccessData makes no warranties, express or implied, in this document. AccessData, AccessData Certified Examiner, ACE, Distributed Network Attack, DNA, Forensic Toolkit, FTK, LAB, Password Recovery Toolkit, PRTK, Registry Viewer, and Ultimate Toolkit are registered trademarks of the AccessData Group, LLC. in the United States and/or other countries. Other trademarks referenced are property of their respective owners.


Module 1: Introduction

Topics
• Student Introductions
• Software Used in This Course:
  o MPE+
  o FTK
  o Windows Mobile Emulators
  o PIM Backup
  o Command Line
• Course Outline

Module 2: Windows Mobile Phone Overview

Objectives
• Discuss the basic principles of the Windows CE Operating System.
• Distinguish between different versions of Windows Mobile and Phone.
• Describe “sandbox” (isolation) as it pertains to Windows Phone 7.
• Install and use Windows Mobile/Phone emulators.

Lab
• Use Windows Mobile Emulators to view phone contacts, appointments, SMS messages, and browser history.
• Use Windows Mobile Emulators to send SMS messages, make calls, send email messages, and browse the Internet.

Module 3: Logical Extractions

Objectives
• Describe the logical approach for extraction of a Windows Mobile device.
• Explain and demonstrate the manual acquisition of Windows Mobile devices using PIM backup.
• Locate and identify significant data locations on the Windows CE device.

Module 4: Physical Extraction and Jailbreaking

Objectives
• Explain different software and hardware used to acquire a Windows CE device.
• Describe jailbroken devices.
• Explain Windows Phone Device Manager which allows direct access to the file system of the device.

Lab
• Use MPE+ to extract and export data from a Windows Mobile device.

Lab
• Use the ITSUTILS utilities to recover information from a Windows mobile device both logically and physically.
