Smartphone Security and Forensics

The 5‐day Smartphone Security and Forensics course provides a good technical overview of challenges and solutions in countering threats from mobile devices. The target audience is technical IT staff whose normal duties do not include smartphone security and forensics analysis. The course will focus mainly on Android and iOS mobile device platforms. The practical part of the course provides hands‐on exercises using mainly open‐source or non‐commercial tools during the mobile phone analysis.


The aim of the course is to explain security issues which mobile phones bring to the organisation. Understanding how attackers exploit devices helps to understand how to protect them.

  • Provide an overview of the mobile platform internals
  • Introduce security features of the mobile platforms
  • Understand signs and symptoms of mobile malware infection
  • See and do mobile malware static analysis
  • Understand how attackers exploit mobile phone weaknesses
  • Learn to recognise weaknesses in mobile applications
  • Conduct mobile device penetration test
  • Understand mobile phone forensic process
  • Explain different types of smartphone acquisition
  • Understand how to preserve mobile phone as an evidence
  • Understand SIM card security, do SIM card data analysis
  • See and do SD card acquisition
  • See and do Android mobile phone forensic analysis
  • See and do iPhone forensic analysis.

Target Audience

  • Technical IT Staff, working in the IT area whose normal duties do not include smartphone security and forensics analysis. This course is introductory. Experienced IT staff doing smartphone security evaluations and forensics examinations on a regular basis may receive only limited benefit from attending the course.
  • IT Security staff who might be first responders to smartphone security incidents and want to secure evidence for later analysis, when no smartphone forensic staff is available.
  • IT staff who will acquire an initial skill set of how to conduct smartphone security and forensics analysis.
  • Smartphone security trainers such as lecturers and tutors whose duties include smartphone security and forensics training.


  • Mobile platform internals and security features:
    • Android internals and security features
    • iOS internals and security features
  • Smartphone penetration testing
  • Smartphone malware analysis
    • Types of mobile malware, potentially unwanted applications
    • Signs and symptoms of mobile malware infection
    • Mobile malware detection
    • Static analysis of .apk file
  • Smartphone forensics in general
    • Mobile phone forensic process
    • Smartphone handling and evidence preservation
    • Acquisition process – manual, logical file system, physical
  • SIM card forensics
    • SIM card examination
    • SIM card security
  • SD card analysis
    • SD card acquisition
  • Android forensics
    • Android forensic acquisition methods
    • Android file system structures
    • Android analysis and evidentiary locations​
  • iOS forensics
    • iOS forensic acquisition methods
    • iOS file system structures
    • iOS evidentiary locations
    • Advanced decoding and traces of the user activity


  • Basic understanding of mobile phone platforms
  • Good work experience in the Linux and Windows environments, especially command line
  • Comfortable  with  using  virtual  machines  for  training  environment  (Virtual Box or similar)
  • English language skill comparable to STANAG 6001, is required.


Registration opens in 2019. An email confirming the participation will be sent only after the registration has closed.

If you have any questions or issues with registration, please contact [email protected]