Having fun while learning about and pivoting into the world of DFIR.
by ogmini
Continuation from Part 6 looking back at my coursework in the Master’s Degree in Digital Forensic Science. In this post, I’ll be talking about DFS-550 Mobile Device Analysis.
Another enjoyable class that I think might be a little behind on tooling and content. Granted, mobile devices move at an incredible pace with changes and updates. There was no mention of tools like aLEAPP or iLEAPP. Being that the class was online, there was no physical interaction with mobile devices for acquiring images and evidence.
The labs involved engaging scenarios and evidence. The Android-based labs were based on material from the Magnet AXIOM Academic Curriculum, 2017. Some of the iOS-based labs were based on material from the SANS DFIRCON East Smartphone Challenge. The lab that I enjoyed the most was an iOS one that had evidence created by someone around Champlain College.
The last lab involved decompiling and examining a malicious APK. That was fun.
More importantly, we had some very good discussions on topics such as the legality of mobile forensics and the famous case of the FBI and an Apple phone. The differences/complications that might occur between:
Some good debate was also had about the difficulties of mobile device analysis. The difficulty of getting into the devices due to passcodes or passwords. There was some talk about chip-off techniques. Potential for alternative operating systems such as GrapheneOS.