cellebrite instructor-led training

Duration: 5 days
Cellebrite Certified Operator [CCO] PART:

Module 1: Introduction
• Discuss course administration.
• Describe Cellebrite’s core training and certification process.
• Review of the capabilities engineered in the Cellebrite Platforms and digital forensic solutions.
• Discuss a practitioner’s legal responsibilities using Cellebrite products, software, and services.

Module 2: Forensic Handling of Mobile Devices
• Install 4PC and review licensing options
• Install Physical Analyzer and review licensing options
• Describe the phases of the digital forensics process
• Populate data on an Android phone to complete extractions
• Conduct Logical extractions of mobile devices
• Review legal considerations for seizing and searching devices
• Describe the importance of proper evidence handling and documentation

Module 3: Touch2 and 4PC Familiarization
• List the components, features, or functions for the Touch2 and 4PC.
• Describe how to purchase and maintain the license(s) for UFED technology.
• Discuss how to update software and firmware for Touch2 and 4PC.
• Conduct an installation of 4PC on a computer workstation.
• Modify Touch2 and 4 PC configurations for the extraction of different devices and investigative needs.

Module 4: Cellebrite Extraction Methodologies
• Identify best practices for the extraction of data from digital evidence devices.
• Discuss the methods frequently employed by forensic examiners to acquire data from mobile devices. l Explain the SIM file system organization.
• Conduct SIM card extractions and cloning comparisons.
• Apply forensic techniques to produce media storage extractions.
• Operate the Touch2 or 4PC, and Physical Analyzer to conduct device extractions.
• Demonstrate the removal of a passcode from a locked device using Touch2 or 4PC.
• Describe the uses for UFED Camera Services.

Module 5: Triage Reporting
• Explain the fundamental elements of a Reader (UFDR) report produced by Physical Analyzer.
• Describe the reporting options within the Physical Analyzer interface.
• Compose PDF and UFDR reports using digital evidence artifacts recovered during mock investigations.

Module 6: Final Exam
• Complete a , knowledge-based and practical skills assessment
• Evaluate the course components using the Feedback Survey
• Download a Certificate of Attendance
• Download a Certificate of Completion (if awarded)*

Cellebrite Certified Physical Analyzer [CCPA] PART:

Module 1: Introduction
• Discuss course administration.
• Describe Cellebrite’s core training and certification process.
• Review of the capabilities engineered in the Cellebrite Platforms and digital forensic solutions.
• Discuss a practitioner’s legal responsibilities using Cellebrite products, software, and services.

Module 2: Cellebrite UFED Physical Analyzer Overview
• Perform an installation of Cellebrite UFED products on a computer workstation.
• Review the different licensing options for Cellebrite digital forensic solutions.
• Complete the configurations of Cellebrite Physical Analyzer’s advanced settings.
• Explore data extractions from mobile devices using Cellebrite Physical Analyzer.
• Demonstrate viewing data in the Cellebrite Physical Analyzer interface.

Module 3: Introduction to SmartPhone Analysis
• Discuss the Android open-source Operating System and file system structure.
• Relate the different varieties of Android security features and complications the protection mechanisms. present to examiners and investigators.
• Discuss the value of Android devices to investigators.
• Analyze an Android device data extraction to answer practical exercise questions.
• Describe Apple hardware designs and technologies.
• Discuss the Apple iOS Operating System and file system structure.
• Discuss the value of Apple iOS devices to investigators.
• Analyze an iOS device data extraction to answer practical exercise questions.

Module 4: Data Analysis Techniques
• Use the Open (advanced) data extractions option to open and explore an iPhone and iTunes Backup.
• Analyze location data identified in a mobile device data extraction.
• Explore the use of Physical Analyzer human communication language content translation functions.
• Differentiate Wear Leveling and Garbage Collection as the functions influence flash memory data.
• Identify basic flash storage characteristics and NAND organization.
• Conduct automated and manual data carving techniques using Cellebrite Physical Analyzer capabilities.
• Conduct data searches at the byte level and manually tag digital evidence for reporting.
• Conduct data extraction analysis of iOS and Android devices to answer practical exercise questions.

Module 5: SQLite Wizard Familiarization
• Identify SQLite databases.
• Recognize SQLite database structures and possible applications.
• Identify the data storage method for SQLite databases.
• Examine SQLite databases and learn how two tables are joined together.
• Describe the events related to the deletion of data from an SQLite database.
• Recall databases performance behaviors capable of destroying data.
• Illustrate the use of practical skills and knowledge necessary to perform logic-based Fuzzy Modeling procedures.

Module 6: Verification and Validation
• Describe techniques used to validate digital evidence examination findings
• Conduct authentication and validation testing of collected data
• Generate reports using Cellebrite Physical Analyzer

Module 7: Final Exam
• Complete a knowledge-based and practical skills assessment
• Evaluate the course components using the Feedback Survey
• Download a Certificate of Attendance
• Download a Certificate of Completion (if awarded)*