When it comes to mobile forensics, it is almost impossible to rely completely on open-source solutions. Often, for open-source tools to work, you need root access or a jailbreak to obtain file system information. In reality, this isn’t always feasible. Because of this, we aim to teach you the best tools for both acquisition and analysis on both iOS and Android. We will cover both commercial and open-source solutions, as well as custom scripts and SQL queries that were developed for smartphone data.
This course will cover where the artifacts exist in the file system of iOS and Android devices and will include operating system updates. We will use our tools to get us to a certain point and then export the files of interest and use manual techniques to further our examination. We do not want you to become the examiner who uses the “find evidence” button, but we do want you to learn how far the tools can take you. Let’s be honest—forensics is not cheap. Smartphone forensics is expensive, and the costs can quickly get out of hand when you are building your toolbox. For that reason, we want to highlight the tools that work most effectively for mobile devices of interest.
We encourage you to be creative and develop SQL queries and scripts that replicate what the commercial tools do. Please share those with us so we can include them in the alumni group or even in the course.