Smartphone Security and Forensics Course


Smartphone Security and Forensics Course


9-13 Oct 2017

Registration deadline:

14 Aug 2017



Tallinn, Estonia

Participation fee:

300 € (no fee for the Sponsoring Nations, Contributing Partners and NATO bodies)

This 5‐day course provides IT‐specialists with an introduction into smartphone security and forensics as well as a good technical overview of challenges and solutions in countering threats from mobile devices. The course will focus mainly on Android and iOS mobile device platforms. It is built upon hands‐on exercises with the practical part providing usage of open‐source or non‐commercial tools during the mobile phone analysis.


The aim of the course is to explain security issues which mobile phones bring  to  the organisation. Understanding how attackers exploit devices helps to understand how to secure them.  

  • Provide an overview of the mobile platform internals
  • Introduce security features of the mobile platforms
  • Understand signs and symptoms of mobile malware infection
  • See and do mobile malware static analysis
  • Understand how attackers exploit mobile phone weaknesses
  • Learn to recognise weaknesses in mobile applications
  • Conduct mobile device penetration test
  • Understand mobile phone forensic process
  • Explain different types of smartphone acquisition
  • Understand how to preserve mobile phone as an evidence
  • Understand SIM card security, do SIM card data analysis
  • See and do SD card acquisition
  • See and do Android mobile phone forensic analysis
  • See and do iPhone forensic analysis. 


Target Audience 

  • This course is introductory
  • This course is for IT security managers who want to get an understanding about what mobile device security is about and capable of. In particular, for technical IT staff, working in the IT area in roles like administrator, auditor, etc., whose normal duties do NOT include smartphone security or smartphone analysis
  • This course is NOT for experienced staff doing smartphone pen testing or malware analysis at daily basis; they will receive only limited benefit from attending


  • Mobile platform internals and security features:
    • Android internals and security features
    • iOS internals and security features
  • Smartphone penetration testing
  • Smartphone malware analysis
    • Types of mobile malware, potentially unwanted applications
    • Signs and symptoms of mobile malware infection
    • Mobile malware detection
    • Static analysis of .apk file
  • Smartphone forensics in general
    • Mobile phone forensic process
    • Smartphone handling and evidence preservation
    • Acquisition process – manual, logical file system, physical
  • SIM card forensics
    • SIM card examination
    • SIM card security
  • SD card analysis
    • SD card acquisition
  • Android forensics
    • Android forensic acquisition methods
    • Android file system structures
    • Android analysis and evidentiary locations​
  • iOS forensics
    • iOS forensic acquisition methods
    • iOS file system structures
    • iOS evidentiary locations
    • Advanced decoding and traces of the user activity. 


  • Basic understanding of computing and mobile phone platforms
  • Good work experience in the Linux and Windows environments, especially command line
  • Comfortable  with  using  virtual  machines  for  training  environment  (Virtual Box or similar)
  • English language skill comparable to STANAG 6001, is required. 
Registration info

Please register for the course by visiting the NATO CCD COE website and completing the provided registration form before the deadline. Should you have any questions, please contact: events -at- 
* Before registering, please check the up‐to‐date course information on the NATO CCD COE website