This offer is only good through the New Year! Enjoy Practical Mobile Forensics for $5. A great guide to get your mobile forensic practices in place. Stay tuned for the second edition this summer!
Back by request, here is another coupon code offering 50% off the eBook of Practical Mobile Forensics. This code is only valid until October 2nd and is for the eBook directly from our publisher’s site.
To order, click the link below and enter the Discount code prior to checkout.
Unique link: http://bit.ly/1Qvf018
Discount code: PMF50
We hope this book helps you get the most bang for your buck in mobile forensics. We aimed to include as many open source solutions as possible to conduct mobile device forensics.
I know that training is expensive. Here is a way to attend FOR585 for half the price! Next up:
Tysons Corner, VA
Prague (Cindy Murphy)
All SANS DFIR training listed on this site qualify: http://digital-
Figured I would do a quick blog to see what your greatest issues are when dealing with the smartphones in your investigations:
– Locked devices? If so, which ones?
-Encryption (device level or application level)?
-Parsing the plethora of 3rd party apps found on devices?
Let me know your thoughts. Looking into my next research area and thought I would question the community first to see what is needed.
Have a great afternoon!
Good morning everyone! I try to keep the calendar on this website updated with links to register for events where I will be teaching and speaking. I am still determining my conferences for the year, but here are my planned SANS FOR585 Advanced Smartphone Forensics Courses for 2015 (so far…let’s be honest, they always end up adding more). The entire schedule can be viewed here. Keep in mind not all courses are posted. If you want to do FOR585 on your own, look into OnDemand.
Heather Mahalik will be teaching the following courses:
March 9-14 – Reston, VA – FOR585 Advanced Smartphone Forensics (New labs being released!!!)
May 5 – 10 – San Diego, CA (Who doesn’t want to go to sunny San Diego?)
June 15-20 – SANSFIRE Baltimore, MD (Right at the baseball stadium!)
August 11 – Sept 17 – vLive (online, in your house, in your jammies training)
September 14-19 – NS 2015 Las Vegas, NV (What happens in Vegas stays in Vegas..but not what you learn in FOR585!)
November 3-8 – Ft. Lauderdale (Again, it will be freezing in most places, warm up with me!)
Cindy Murphy will be teaching the following courses:
April 11 – 18 – SANS 2015 Orlando, Fl (Bring your family to Disney!)
May 11 – 16 Amsterdam, Netherlands (Taking FOR585 overseas!)
Boston and Prague – dates to be announced!
I hope to see you in a course in 2015. We are working on a certification and you can help by attending the course. Once you have taken the course, you can take the cert when it’s released. There are a lot of smartphone courses out there and I believe that trying to replicate FOR585 is the best form of flattery. However, the real thing is the best! Come to the class and see for yourself.
Good morning everyone! I know it’s that crazy time of year with the Holidays right around the corner, but some of us are still working… unfortunate, right? Cindy Murphy, my co-author of FOR585 and good friend, took the time to write up her testing and research on the IP-BOX. You can get your own IP-BOX from Teel Technology. Check out their site: http://www.teeltech.com/
In summary, the IP-BOX can be used to defeat simple 4 digit PINS on iOS devices. This includes devices running iOS1 – iOS8. While newer iOS device require additional steps, the good news is that this magical black box may work at bypassing that lock!
If this issue is of interest to you, I would sign up for the SANS FOR585 Advanced Smartphone Forensics course where we discuss the IP-BOX and other methods for dealing with locked smartphones. Until then, please enjoy the paper that Detective Cindy Murphy tool the time to write.
IP Box documentation-rev1 by Cindy Murphy.
Due to the vast amount of responses we got for our Smartphone Forensic Challenge, the winner was just determined. The rules states that the winner must answer 4 of the 6 questions correctly, and the lucky winner answered all 6 questions correctly. Congratulations Shawna Denson, you are the lucky winner!!!!
Thank you to everyone who submitted. FOR585 Advanced Smartphone Forensics is currently being held onDemand, at Network Security 2014 (Las Vegas), and DFIRCON East (Ft. Lauderdale). Cindy Murphy and I hope to see you in the classroom soon!
Stay tuned for Webcasts featuring cutting edge material on iOS8, Windows Phone Forensics and more!
The answers for the Challenge are listed below.
- What third-party applications have been granted access to device camera photos?
Facebook and DropBox
- What third-party applications have been granted access to the device address book?
- Which websites that were visited had requested the iPhone’s geolocation information for optimal browsing and were granted access?
Simply Hired and StubHub
- What permissions does the application MysteryApp.apk NOT have on the device?
- Record audio
- Read contacts
- Send sms
- Record video
- Mount & unmount files
- What is the SHA1 digest value associated with the classes.dex file for the MysteryApp.apk application?
Either answer is acceptable:
SHA1 (value within file) = DDpyDrYdc24hVh6aqWBmpHcfD3A=
SHA 1 (value of entire file)= 0c3a720eb61d736e21561e9aa96066a4771f0f70
- What foreign language word(s) are found within the MysteryApp.apk application?
未接来电 – Missed Calls
Today is the day and two winners have been selected! Just so you are aware, I printed each of your names and put them into a hat. Two names were pulled. Those winners are Ryan Pittman and Sherry Torres-Dor.
I want to thank everyone for the kind and encouraging comments. Your words motivate me to give back as much as I can and continue to learn. I hope to see you in FOR585, FOR518, at a conference or one of my talks soon.
Thanks for the support!
If you are interested in ordering both the eBook and the printed copy, below are some discount codes for you. Also, if you already ordered one and want the other, refer to the codes below.
Also, if customers order the book from our website (https://www.packtpub.com/