Learn how to dive deep into data structures commonly found on mobile phones. This one day (8 hours) class is intended for Intermediate and Advanced mobile forensics practitioners. We will delve into database formats for both SQLite and LevelDB. In addition we will explore the PList and Protocol Buffer (Protobuf) formats. Course is taught using Open Source and freeware tools to ensure that participants can utilize the skills learned in their lab without additional budgetary requirements. Course is hands-on with labs covering each data format.
Live Online Training: Instructor (8 hours) | Materials | Certificate of Attendance
All sessions starts from 8:30 AM to 5 PM (Eastern Time) or upon a mutual agreement
HEX-310 SQLite Analysis
HEX-320 PList Forensics
HEX-340 LevelDB Analysis
HEX-360 Protobuf Analysis
Kim Bradley retired from the Kentucky State Police where she worked the last nine years of her career as Forensic Computer Examiner. She was assigned to the Federal Bureau of Investigation's Cyber Crime Task Force and worked for five years at the Kentucky Regional Forensics Laboratory (KRCFL). While at the KRCFL, she earned the Computer Analysis Response Team (CART) Forensic Examiner certification and served as the Laboratory Quality Manager. Before moving into digital forensics, her state service included positions in software development and database management. In addition to holding several certifications, Kim has a Bachelors degree in Computer Science and a Master of Science degree in Digital Forensic Science.
Learning the significance of SQLite files
Learning how to interact with SQLite files through database browsers
Learning SQLite Query basics
Understanding of the PList file structure and different PList variants
Understanding of the options available for examining PList files
Learning when and where you may find LevelDB content
Understanding how LevelDB organizes data
Utilizing a variety of tools to explore LevelDBs
Understanding the organization of Protobuf data
Utilizing a variety of tools to explore Protobufs
This course is designed for students who have the basics of mobile forensics and are looking to learn more about different data structures.
This training is designed for mobile forensic practitioners.
1. Any computer with an internet connection capable of watching live stream video, will be able to view the live lectures in this class.
2. We recommend systems with the latest Intel/AMD CPU, 8 GB of RAM, 64 GB of disk space, and an Internet connection should be sufficient to work through our labs.
3. Some tools are Windows only; however, if you have Windows VM, that will work.
Full refunds will be provided up to 14 days before the course start date. You are allowed to change the course schedule up to 10 days before the course starts.
“The Data Structures class is exactly what my team and I have been looking for to keep our mobile device analysis skills sharp! The class checked all the boxes I look for in good training: vendor-neutral; fundamentals-focused, detailed content; highly qualified, engaged instructors; plenty of practical exercises; helpful resources we get to keep for future use; and – best of all – relevant and practical knowledge that empowers examiners to BE examiners, enabling them to identify the limits of commercial tools and still get the data of interest. Many thanks to Jessica and her team for this extremely valuable class! It is truly unlike any other course I’ve attended in over a decade of digital forensics work. Much appreciated!”
“I had the privilege of taking this class today and it was hands-down one of the best classes I have ever taken. I still don’t know how Jessica Hyde and the Hexordia team packed so much useful content in one day. It was the perfect combination of lecture, labs and class interaction. If you do mobile forensic analysis and you are just relying on your automated tools without understanding the data structures, it is a matter of time before you either miss information or misinterpret information.”
“Jessica Hyde's mobile data structures course is a short and intensive hands-on training on analyzing mobile device artifacts that are not well covered (if at all) by push-button functionalities in mainstream forensic tools. A highlight of this course is well-prepared sample data that students get to play with. I learned a few new tricks from this course and I had my aha moments too. Very well done and of course, Jessica is a very engaging instructor -- learning from her is a joy.”