Learn how to dive deep into data structures commonly found on mobile phones. This one day (8 hour) class is intended for Intermediate and Advanced mobile forensics practitioners. We will delve into database formats for both SQLite and LevelDB. In addition we will explore the PList and Protocol Buffer (Protobuf) formats. Course is taught using Open Source and freeware tools to ensure that participants can utilize the skills learned in their lab without additional budgetary requirements. Course is hands-on with labs covering each data format.

Training Delivery Details

Live Online Training: Instructor (8 hour) | Materials | Certificate of Attendance

All sessions starts from 8:30 AM to 5 PM (Eastern Time) or upon a mutual agreement

Pricing Options

Please make sure you select the enrollment schedule that works best for you. If none of these work and you are still interested in our training, please contact us.


This training will cover the following courses:

    HEX-310 SQLite Analysis

    HEX-320 PList Forensics

    HEX-340 LevelDB Analysis

    HEX-360 Protobuf Analysis


Jessica Hyde is an experienced forensic examiner in both the government and commercial sectors. She is the founder of Hexordia, a digital forensics contracting organization and Adjunct Professor teaching Mobile Forensics in the graduate program at George Mason University, where she achieved an MS in Computer Forensics. She is also involved in several community efforts including Associate Editor for the Forensic Science International: Digital Investigations Journal, Chair of DFIR Review, International 2nd VP of the High Tech Crime Investigation Association, and a member of the advisory board for Cyber Sleuths Lab. Her previous roles include Director of Forensics at Magnet Forensics, performing forensic examinations as a Sr. Mobile Exploitation Analyst for Basis Technology, Senior at EY, and Senior Electrical Engineer at American Systems. Jessica is also proud to be a veteran of the United States Marine Corps.

Learning Objectives

After completing this course, you are expected to:

  • Learning the significance of SQLite files

  • Learning how to interact with SQLite files through database browsers

  • Learning SQLite Query basics

  • Understanding of the PList file structure and different PList variants

  • Understanding of the options available for examining PList files

  • Learning when and where you may find LevelDB content

  • Understanding how LevelDB organizes data

  • Utilizing a variety of tools to explore LevelDBs

  • Understanding the organization of Protobuf data

  • Utilizing a variety of tools to explore Protobufs


This course is designed for students who have the basics of mobile forensics and are looking to learn more about different data structures.

Who is this Course For?

This training is designed for mobile forensic practitioners.

System Requirements:

What you need to for the course

1. Any computer with an internet connection capable of watching live stream video, will be able to view the live lectures in this class.

2. We recommend systems with the latest Intel/AMD CPU, 8 GB of RAM, 64 GB of disk space, and an Internet connection should be sufficient to work through our labs.

3. Some tools are Windows only; however, if you have Windows VM, that will work.

Cancellation Policy:

Info you need to know to get a refund

Full refunds will be provided up to 14 days before the course start date. You are allowed to change the course schedule up to 10 days before the course starts.


“The Data Structures class is exactly what my team and I have been looking for to keep our mobile device analysis skills sharp! The class checked all the boxes I look for in good training: vendor-neutral; fundamentals-focused, detailed content; highly qualified, engaged instructors; plenty of practical exercises; helpful resources we get to keep for future use; and – best of all – relevant and practical knowledge that empowers examiners to BE examiners, enabling them to identify the limits of commercial tools and still get the data of interest. Many thanks to Jessica and her team for this extremely valuable class! It is truly unlike any other course I’ve attended in over a decade of digital forensics work. Much appreciated!”

Connie Bell