Evaluating Mobile Forensics Training & Certification Programs: 5 Questions to Ask



Similar documents
SIMPLIFYING THE COMPLEXITY OF MOBILE DATA FORENSICS

How To Solve A Violent Home Invasion With A United Force

Build Stronger Cases with Mobile Device Link Analysis

LAW PreDiscovery Software Training

Hands-On How-To Computer Forensics Training

OVERVIEW DEGREES & CERTIFICATES

Impact of Juniper Training and Certification on Network Management Activities


Data Center. Business Intelligence. Enterprise Computing Solutions North America. Learning Solutions IBM Training. Brand Photo Here. arrow.

Your path to success. Become a Professional Fitness Trainer

Apply today: strayer.edu/apply SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY MASTER OF SCIENCE IN INFORMATION SYSTEMS RECOGNIZED MARKETABLE FLEXIBLE

Table of Contents. Introduction to MSAB Training Department Training Services Overview XRY Certification training...

How To Be A Computer Forensics Examiner

Become a Location Intelligence expert.

EXTRACTING LEGALLY DEFENSIBLE EVIDENCE FROM THE CLOUD

All students must be proficient with a spreadsheet program and have the following courses (or their equivalent) prior to starting M.S. course work.

Brandman University. School of CCNA

CYBER FORENSICS (W/LAB) Course Syllabus

ARE YOU READY FOR TOMORROW S IT? Discover ITpreneurs full curriculum of Virtualization and Cloud Computing competence development programs

Training Services Course Catalog TRAINING SERVICES

Certified Big Data Science Professional (CBDSP)

INNOVATION. Campus Box 154 P.O. Box Denver, CO Website:

How To Get A Computer Hacking Program

Computer Forensics Preparation

MARK J. ESKRIDGE, OWNER / INVESTIGATOR DIGITAL FORENSIC INVESTIGATIONS, INC. California Private Investigator license #26633

EMC ACADEMIC ALLIANCE

Google Partner Academy, Singapore

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

What Happens When You Press that Button? Explaining Cellebrite UFED Data Extraction Processes

Luna Community College Criminal Justice Program Associate of Arts Degree

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

Certification that packs a punch Become an MMA Conditioning Specialist

Table of contents. 1. Introduction. 1.1 Training Products. 1.2 Training Enrollment. 2. Advanced Architect Course. 3.

CAST Center for Advanced Security Training

TRAINING. OneShield.com Leadership. Service. Technology. That s our policy.

Cyber Learning Solutions

TELUS EMR Suite Wolf EMR

SANS CyberTalent VetSuccess Immersion Academy. VetSuccess

For Your ediscovery... Software

Sage University offers many training options for customers

EMC ACADEMIC ALLIANCE

Viewpoint ediscovery Services

RE: School of Computer Forensic Investigation, Class 7, Eastern Michigan University

IAP2 Certification Program in Public Participation. planning communication techniques

MITEL MICONTACT CENTER AND MIVOICE CALL ACCOUNTING TRAINING OPTIONS WHITEPAPER

Law Enforcement Analyst Certification Standards

Our full capabilities include:

Diablo Valley College Catalog

INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL

TUV SUD Certified Cloud Computing Elementary Professional (TCCEP) Certification

Services. Computer Forensic Investigations

UNDERGRADUATE PROGRAMME SPECIFICATION

IBM Software Services for Lotus Lotus Professional Certification Programs

EC-Council Ethical Hacking and Countermeasures

Massachusetts Digital Evidence Consortium. Digital Evidence Guide for First Responders

ILLINOIS DEPARTMENT OF CENTRAL MANAGEMENT SERVICES CLASS SPECIFICATION FORENSIC SCIENTIST SERIES

Business Continuity Management Software

Training Agendas and Pricing

Apply today: strayer.edu/apply SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY BACHELOR OF SCIENCE IN INFORMATION SYSTEMS RECOGNIZED MARKETABLE FLEXIBLE

The Business Value of IT Certification

RSA Archer Training. Governance, Risk and Compliance. Managing enterprise-wide governance, risk and compliance through training and education

North American Electric Reliability Corporation (NERC) Cyber Security Standard

POWERFUL! Galileo. Professional Development. Professional Development for Galileo Users. Your Data Is

Cisco Networking Academy Instructor Training Guidelines Revised January 2005

How to Find a Good Computer Forensic Expert

Online Computer Science Degree Programs. Bachelor s and Associate s Degree Programs for Computer Science

Trainer Preparation Guide for Course 10174A: Configuring and Administering Microsoft SharePoint 2010

UTB PeopleSoft Training Plan

Requirements When Considering a Next- Generation Firewall

Track 2: Introductory Track PREREQUISITE: BASIC COMPUTER EXPERIENCE

INFS2608 ENTERPRISE DATABASE MANAGEMENT

MASTER OF SCIENCE IN NURSING

EMPCENTER COURSE CATALOG

Apply today: strayer.edu/apply SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY BACHELOR OF SCIENCE IN INFORMATION TECHNOLOGY RECOGNIZED MARKETABLE

The Cisco ASA 5500 as a Superior Firewall Solution

Certification Programs

Telecommunications Training Catalog

LAKELAND BUSINESS ENGINEERING TECHNOLOGIES. Opportunity. and. starts HERE COMMUNITY COLLEGE.

SUPPLY CHAIN & LOGISTICS

Training & Certification Allegro University

Director of Computer Forensic Services

Transcription:

Evaluating Mobile Forensics Training & Certification Programs: 5 Questions to Ask

Table of Contents How to Evaluate Mobile Forensics Training...3 1. Does the vendor ground you in forensic best practices as well as its tool?...4 2. Does the vendor offer training and certification for every investigative level?...5 3. Is it the right course for the investigations you perform?...6 4. Do the delivery models provide you with the flexibility you need?...7 5. Are the trainers experienced and proficient professionals?...8 Maximize value by choosing the right training vendor...9 Page 2

How to Evaluate Mobile Forensics Training Whether you're new to mobile device forensics, or looking to take your skills to the next level, the amount of available mobile forensics training available can be overwhelming. You might be tempted to sign up for the cheapest course, or the course closest to you. However, cheap or close mean little if the training doesn t prepare you to effectively obtain, use, and testify about mobile device evidence. Good training and certification programs can remove many of these unknowns. From showing you how to get the most out of your mobile forensics hardware and software, to preparing you to testify in court, training should prepare you for a full range of responsibilities as a first responder, mobile data analyst, and/or forensic specialist. Here are some criteria to use in your evaluations. 1 Does the vendor ground you in forensic best practices as well as its tool? 2 Does the vendor offer training and certification for every investigative level? 3 Is it the right course for the investigations you perform? 4 Do the delivery models provide you with the flexibility you need? 5 Are the trainers experienced and proficient professionals? Page 3

1 Does the vendor ground you in forensic best practices as well as its tool? When researching training, you may encounter professionals who believe that the only good training is vendor-neutral training. Their argument: vendor-neutral training focuses on the forensic process across a spectrum of tools, rather than relying on one tool to complete examinations. Vendor-neutral training can improve your overall expertise, and may even provide a package of tools to take back to your office. It can help supplement your process in that it presents a range of options you can use to validate your evidentiary findings. In higher education, it can also serve as a foundation for research and development work. However, it s important to note that courts value examiners who are certified and adept at using specific tools. Because vendor-neutral training likely cannot go as in depth on each tool as a certification course, it cannot show what's possible to achieve in your investigations through extensive use of a single tool's built-in features. Therefore, look for a third option: the vendor that builds its curriculum on a foundation of forensic process. This curriculum builds in third-party tools as part of a broader approach to best practices, including the validation of the vendor s own tool results. This approach ensures that not only will the training prepare you to testify in detail about your use of the vendor s tool; it will also prepare you to discuss your use of the tool as part of an objective forensic methodology. Page 4

2 Does the vendor offer training and certification for every investigative level? Ideally, trainers offer basic, intermediate, and advanced courses for every level of investigative expertise. These should build on one another so that your skills improve with each level. They can be offered by level, or bundled into an entire week's worth of training. If you're brand-new to mobile forensics, look for a course that includes fundamentals, such as the difference between a logical and physical exam, what you can get from a SIM card vs. in-built memory, etc. This type of course should give you the basics of mobile device technology, and forensic process from seizure through extraction to validation. A course that teaches logical extraction should go into more detail on extraction and analysis processes than a basic course does. It should explore logical data analysis methods, focusing on analytics that can help you make immediate use of data. Investigators who want and need to take the next step from basic to advanced forensic examination skills should look for courses that build on the foundation of their existing knowledge. This kind of instruction should include processes like data carving, a wider variety of search and filtering techniques, and device-specific challenges. The more complicated the forensic process, the longer the class should be. That shouldn t put you off, however. Longer classes give you more opportunity to understand the subjects and to interact with experienced instructors as you seek to build your understanding. This will also put you in a better position to apply what you ve learned immediately upon returning to work, no matter what your skill level Are certifications important? is or what your certification is Certification in the use of a tool can be critical to your potential for. status as an expert witness, and even to your testimony as a fact witness. It should help you successfully meet an admissibility challenge in court, as well as withstand cross-examination about your process and the tools you used. Certification can also help employers' decision-making about whether to hire or promote you. The examiner who carries a meaningful, industry-recognized certification means that s/he has demonstrated a level of proficiency and dedication to his or her work, and is prepared not only to meet the demands of forensic analysis, but also to testify about it if called. The ideal certification has both written and practical components, and is offered on a refresher basis to help you keep your skills up to date. No more than two years should pass before you refresh your certification training, to account for the dynamic nature of the cellular market. Page 5

3 Is it the right course for the investigations you perform? Be sure the curriculum at each level meets your requirements for the work you or your employees will be performing. First responders and investigators need the skills to obtain evidence that is both actionable, and legally defensible. This is because in many cases, logical data undeleted low hanging fruit and/or evidence of a nonfelony offense may be enough to build a case. When it provides insights into a subject s patterns of life, including frequent contacts and communications, it may also have immediate intelligence value. Because in these cases, speed is as important as accuracy, the course geared for these needs should cover search and seizure procedures, as well as evidence handling, analysis, and documentation processes that can be applied on the scene and/or back at the office. This type of course should also help investigators collaborate more closely with lab examiners when they need to escalate evidence gathering and analysis. Investigators whose primary job is to focus on mobile device and other forensic examinations need coursework in learning how to do deeper extractions. This is relevant in cases where logical extraction data is circumstantial or unavailable, and it becomes necessary to obtain via file system or physical extraction. Certification in the use of a tool can be important to your potential status as an expert witness. It should help you successfully meet an admissibility challenge in court, as well as withstand cross-examination about your process and the tools you used. It may also help employers' decision-making about whether to hire or promote you. Because these methods can include a wide variety of complex tools and techniques, including data carving, multiple search tools, malware scanning, or other traditionally forensic methods, coursework should cover both automated and manual decoding, analysis, and validation techniques, with an emphasis on preparing examiners to testify about their work in court. Finally, supervisors, prosecutors, and others who are not directly involved in evidence collection, but supervise those who are, should attend a primer course that covers mobile forensics fundamentals. Topics in this course cover basic extraction and analysis capabilities, what search and seizure entails on a mobile device, and evidence handling. Page 6

4 Do the delivery models provide you with the flexibility you need? Look for a curriculum that can be presented in a variety of delivery models, that gives you the flexibility you need to address your specific professional development requirements. Although some courses may be offered to personnel in a single organization, many are set up to allow investigators to network with one another. In-person training is ideal when you are located nearby convenient training facilities, and your schedule allows. It may also be offered at conferences you plan to attend. If your organization has the space, you may be able to save some The money by hosting courses. ideal certification has both written and practical components, and is offered on a Online instructor-led training combines classroom interaction refresher basis to help you keep your with the convenience of internet-based study, when your schedule doesn t fit a planned class training in your area or you are skills up to date. No more than two years should pass before you refresh your located too remotely from classroom training facilities. certification training, to account for Self-paced online training is best for professionals with tight schedules. the dynamic nature of the cellular market. Either way, online training should allow for hands-on expertise via interactive tutorials, and should facilitate timely contact with instructors should you have questions or need help. In addition, training manuals should be available for you to refer back to after your coursework is complete. Is the class length optimal for learning? The more complicated the forensic process, the longer the class should be. That shouldn t put you off, however. Longer classes give you more opportunity to understand the subjects and to interact with instructors as you seek to build your understanding. This will also put you in a better position to apply what you ve learned immediately upon returning to work, no matter what your skill level is or what your certification is for. Basic, intermediate, and advanced level courses should build on one another so that your skills improve with each level. They can be offered by level, or bundled into an entire week's worth of training. Core fundamentals typically can be covered in just eight hours (one day), but certification classes on logical and physical extraction and analysis should each take longer: two to three days (16 to 24 hours), respectively. Page 7

5 Are the trainers experienced and proficient professionals? Whether beginner, intermediate, or advanced, mobile forensics students should seek out trainers who: Understand the forensic process and can answer questions about the material they present Have deep experience with digital forensic examinations, lab, field, and court procedures Train students toward professional goals, not the training organization s goals Are committed to student learning, to the extent that they remain accessible throughout the duration of the course and beyond Have an understanding of adult education and how to read their audience Create curriculum that presents logical, step-by-step instruction that is easy to follow How do you find out whether courses and instructors meet these criteria? Ask. Listservs for HTCIA, IACIS, HTCC, and other groups; forums such as Forensic Focus, phone-forensics.com, and others; and even Twitter all serve as communities you can ask for recommendations. You can also call upon investigators who work at forensic labs in your own region, along with those you may meet at conferences and other events. Be sure to research the trainers teaching the courses, and ask what other students thought of them as well as their material. Page 8

Maximize value by choosing the right training vendor When time and funding are scarce, you need training that will help you maximize your return on investment. This return includes the confidence you need to collect and analyze accurate digital evidence, and the authority you need to testify about your process. Whether you are seeking to get started with mobile forensics, or you re trying to take the next step to become an expert in mobile forensics, look for training vendors who can give you the solid foundation you need in forensic process, the certification you need for your level of responsibility, and the flexibility to complete the curriculum in the time and place that works best for you. Cellebrite's New Standardized Forensic Training and Certification Open to all user levels, from beginners to advanced, Cellebrite certification training provides hands-on experience with Cellebrite products and applications, delivering the tools and knowledge required for evidence collection from mobile phones and portable GPS devices, data analysis, searching, and reporting. Upon completion of a course, each participant receives a certificate, making them eligible to move to the next stage in the curriculum. Upon successful completion of the core curriculum, students have the opportunity to enter an extensive capstone certification process known as Cellebrite Certified Mobile Examiner (CCME). This capstone examination, which includes both knowledge and practical content, tests the student's knowledge in all of the domains offered in Cellebrite's forensic core curriculum. Students must demonstrate proficiency with Cellebrite's tools and methodology at a level that signifies competency as a Cellebrite Certified Mobile Examiner. Cellebrite: Delivering Mobile Expertise Founded in 1999, Cellebrite is a global company known for its technological breakthroughs in the cellular industry with dedicated operations in the United States, Germany, Singapore, and Brazil. A world leader and authority in mobile data technology, Cellebrite established its mobile forensics division in 2007, introducing a new line of products targeted to the law enforcement sector. Using advanced extraction methods and analysis techniques, Cellebrite s Universal Forensic Extraction Device (UFED) is able to extract and analyze data from thousands of mobile devices, including feature phones, smartphones and GPS devices. Cellebrite s UFED is the tool of choice for thousands of forensic specialists in law enforcement, military, intelligence, security, government and private sector organizations in more than 100 countries. Cellebrite is a wholly-owned subsidiary of the Sun Corporation, a listed Japanese company (6736/JQ). Page 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information