Learn how to dive deep into data structures commonly found on mobile phones. This one day (8 hours) class is intended for Intermediate and Advanced mobile forensics practitioners. We will delve into database formats for both SQLite and LevelDB. In addition we will explore the PList and Protocol Buffer (Protobuf) formats. Course is taught using Open Source and freeware tools to ensure that participants can utilize the skills learned in their lab without additional budgetary requirements. Course is hands-on with labs covering each data format.

Training Delivery Details

Live Online Training: Instructor (8 hours) | Materials | Certificate of Attendance

All sessions starts from 8:30 AM to 5 PM (Eastern Time) or upon a mutual agreement

Pricing Options

Please make sure you select the enrollment schedule that works best for you. If none of these work and you are still interested in our training, please contact us.


This training will cover the following courses:

    HEX-310 SQLite Analysis

    HEX-320 PList Forensics

    HEX-340 LevelDB Analysis

    HEX-360 Protobuf Analysis


Kim Bradley retired from the Kentucky State Police where she worked the last nine years of her career as Forensic Computer Examiner.  She was assigned to the Federal Bureau of Investigation's Cyber Crime Task Force and worked for five years at the Kentucky Regional Forensics Laboratory (KRCFL).  While at the KRCFL, she earned the Computer Analysis Response Team (CART) Forensic Examiner certification and served as the Laboratory Quality Manager.  Before moving into digital forensics, her state service included positions in software development and database management.  In addition to holding several certifications, Kim has a Bachelors degree in Computer Science and a Master of Science degree in Digital Forensic Science.

Learning Objectives

After completing this course, you are expected to:

  • Learning the significance of SQLite files

  • Learning how to interact with SQLite files through database browsers

  • Learning SQLite Query basics

  • Understanding of the PList file structure and different PList variants

  • Understanding of the options available for examining PList files

  • Learning when and where you may find LevelDB content

  • Understanding how LevelDB organizes data

  • Utilizing a variety of tools to explore LevelDBs

  • Understanding the organization of Protobuf data

  • Utilizing a variety of tools to explore Protobufs


This course is designed for students who have the basics of mobile forensics and are looking to learn more about different data structures.

Who is this Course For?

This training is designed for mobile forensic practitioners.

System Requirements:

What you need to for the course

1. Any computer with an internet connection capable of watching live stream video, will be able to view the live lectures in this class.

2. We recommend systems with the latest Intel/AMD CPU, 8 GB of RAM, 64 GB of disk space, and an Internet connection should be sufficient to work through our labs.

3. Some tools are Windows only; however, if you have Windows VM, that will work.

Cancellation Policy:

Info you need to know to get a refund

Full refunds will be provided up to 14 days before the course start date. You are allowed to change the course schedule up to 10 days before the course starts.


“The Data Structures class is exactly what my team and I have been looking for to keep our mobile device analysis skills sharp! The class checked all the boxes I look for in good training: vendor-neutral; fundamentals-focused, detailed content; highly qualified, engaged instructors; plenty of practical exercises; helpful resources we get to keep for future use; and – best of all – relevant and practical knowledge that empowers examiners to BE examiners, enabling them to identify the limits of commercial tools and still get the data of interest. Many thanks to Jessica and her team for this extremely valuable class! It is truly unlike any other course I’ve attended in over a decade of digital forensics work. Much appreciated!”

Connie Bell

“I had the privilege of taking this class today and it was hands-down one of the best classes I have ever taken. I still don’t know how Jessica Hyde and the Hexordia team packed so much useful content in one day. It was the perfect combination of lecture, labs and class interaction. If you do mobile forensic analysis and you are just relying on your automated tools without understanding the data structures, it is a matter of time before you either miss information or misinterpret information.”

Geraldine Blay

“Jessica Hyde's mobile data structures course is a short and intensive hands-on training on analyzing mobile device artifacts that are not well covered (if at all) by push-button functionalities in mainstream forensic tools. A highlight of this course is well-prepared sample data that students get to play with. I learned a few new tricks from this course and I had my aha moments too. Very well done and of course, Jessica is a very engaging instructor -- learning from her is a joy.”

Albert Hui