Smartphone Security and Forensics Course (SSFC)

This 5-day course on Smartphone Security and Forensics provides IT-specialists with an introduction into smartphone security and forensics. Participants will learn about technical challenges and respective solutions in order to tackle threats from mobile devices. The course will focus mainly on Android and iOS mobile device platforms. The course includes hands-on exercises using open-source or non-commercial tools during the mobile phone analysis.

The course is also suitable for smartphone security trainers such as lecturers and tutors whose duties include smartphone security and forensics training.


The aim of the smartphone security and forensics course is to explain security issues related to mobile phones in any organisation. Understanding how attackers exploit mobile devices helps to understand how to protect the systems and mitigate risks.

  • Provide an overview of the mobile platform internals
  • Introduce security features of the mobile platforms
  • Understand signs and symptoms of mobile malware infection
  • See and do mobile malware static analysis
  • Understand how attackers exploit mobile phone weaknesses
  • Learn to recognise weaknesses in mobile applications
  • Conduct mobile device penetration test
  • Understand mobile phone forensic process
  • Explain different types of smartphone acquisition
  • Understand how to preserve mobile phone as an evidence
  • Understand SIM card security, do SIM card data analysis
  • See and do SD card acquisition
  • See and do Android mobile phone forensic analysis
  • See and do iPhone forensic analysis

Target Audience

  • This is an introductory course


  • Mobile platform internals and security features:
    • Android internals and security features
    • iOS internals and security features
  • Smartphone penetration testing
  • Smartphone malware analysis:
    • Types of mobile malware, potentially unwanted applications
    • Signs and symptoms of mobile malware infection
    • Mobile malware detection
    • Static analysis of .apk file
  • Smartphone forensics in general:
    • Mobile phone forensic process
    • Smartphone handling and evidence preservation
    • Acquisition process – manual, logical file system, physical
  • SIM card forensics:
    • SIM card examination
    • SIM card security
  • SD card analysis:
    • SD card acquisition
  • Android forensics:
    • Android forensic acquisition methods
    • Android file system structures
    • Android analysis and evidentiary locations
  • iOS forensics:
    • iOS forensic acquisition methods
    • iOS file system structures
    • iOS evidentiary locations
    • Advanced decoding and traces of the user activity


  • Basic understanding of computing and mobile phone platforms
  • Good work experience in the Linux and Windows environments, especially the command line
  • Comfortable with using virtual machines for training environment (Virtual Box or similar)
  • English language skill comparable to STANAG 6001, is required


Registration opens on 29 July 2019. Applicants from CCDCOE member nations should use the registration code provided by their national Point of Contact. An email confirming the participation will be sent only after the registration has closed.

If you have any questions or issues with registration, please contact [email protected]