Price: $2,310 inc GST per person
Location: CDFS Training Centre, Fyshwick ACT
2 Day, Instructor Led Training (ILT) CCO
The 2-day, Cellebrite Certified Operator (CCO) course is a valuable mobile forensic certification program, with an extraordinary emphasis on the digital forensics tools operator. Immediately following perfunctory introductions, no time is wasted, and participants begin hands-on activities installing software and pre extraction device activities. The CCO program is designed to improve digital forensics workflows by exposing attendees to a linear evidence collection, examination, and post-processing architecture. The course is designed to accommodate passive and active learner styles. Each module and topic include dynamics to encourage the reception, processing, and retention of the skills needed to operate the Touch 2, 4PC, and Physical Analyzer for: cloning SIM cards, completing extractions with boot-loaders and other techniques, troubleshooting problematic mobile device extractions, and triaging devices to create reports for the expedited service of cases. Beyond the use of Cellebrite products to complete the many hands-on exercises in CCO, the course focuses on the observable and measurable knowledge skills and abilities befitting a legitimate certification course, meeting Quality Matters standards. Cellebrite believes a responsibility exists to teach members of the digital forensic community the necessary competencies to conduct exams ethically, using universal professional standards.
Upon successful completion of this course, the student will be able to:
• Install and configure Touch, Touch2 or 4PC and UFED Physical Analyzer software.
• Explain the best practices for the on-scene identification, collection, packaging, transporting, examination and
storage of digital evidence data and devices.
• Display best practice when conducting cell phone extractions.
• Identify functions used within Touch, Touch2 or 4PC to perform supported data extractions.
• How to use triage reporting for investigation
• Demonstrate proficiency of the above learning objectives by passing a knowledge test and practical skills
assessment with a score or 80% or better.
|Module||Description and Objectives|
|Introduction||• Describe Cellebrite’s core training and certification process.
• Recount Cellebrite’s accolades and accomplishments.
• Recognize the abilities of Cellebrite Platforms and digital forensic solutions.
• Explain the legal responsibilities of practitioners using Cellebrite products, software, and services.
of Mobile Devices
|• Recognize legal considerations for seizing and searching devices.
• Examine mobile device and internet of things (IoT) technologies of value in an investigation
• Describe the phases of the digital forensics process.
• Relate the correct procedures for identifying and handling digital evidence devices as first responders.
• Identifying Devices on Scene (Make and Model)
• Identify various locking mechanisms found on mobile devices.
• Explain best practices to document mobile device investigations.
• Reader Search Techniques.
• Shielding and Isolation Techniques and Considerations
• Discovery of On-State Device Collection Procedures
• Discovery of Off-State Device Collection Procedures
|Touch2 and 4PC
|• List the components, features, or functions for the Touch2 and 4PC
• Describe how to purchase and maintain the license UFED technology.
• Discuss how to update software and firmware for Touch2 and 4PC
• Implement an installation of 4PC on a computer workstation.
• Modify Touch2 and 4PC configurations for the extraction of different devices and investigative needs.
|• Best Practice for Extractions ..
• Android Screen Locks
• Passcodes on iOS Devices
• SD Card Types
• Explain the SIM file system organization.
• Complete SIM card extractions and cloning using Touch2/4PC.
• Using the Phone Power-Up Cable
• UFED Extractions
• Data Extraction Approaches
• Extraction Method Options
• Extraction Connection Interfaces
• UFED Camera Services.Extraction Methods Explained – Physical
• Extraction Methods Explained – Physical w/Client.
• What is a Boot Loader?..
• File System Extractions Explained
• Extraction Methods Explained – File System
• Physical Analyzer Extractions
• iOS Advanced Logical Extractions Output Described.
• Hand Scroll Techniques
• Post Extraction Evidence Handling
• Extraction Methods FAQ (Logical, File System, Android Backup, APK Downgrade, Physical Extraction,
Advanced ADB, Advanced ADB (Generic), ABD (Rooted), Boot Loader, Smart ADB, CAS, EDL, Password
|Triage Reporting||• Triage Reporting – User Data .
• Triage Reports for Further Investigation
• Triage Analysis Obstacles
• Triage and Reader as a Force Multiplier
• Reader Capabilities
• Triaging with Physical Analyzer
• SMS – Triage May Require Additional Decoding
• Searches and Filters – Overview
• Tagging Items of Interest
• Initiating the Creation of a Triage Report
• The Report Wizard
• Generating the Report
• Passwords and Encryption
• Reader Software
• Reporting – What to do After Reader is Distributed
* CHANGES TO COURSE CONTENT AND PROVIDED SOFTWARE CAN BE MADE WITH OUR PRIOR NOTICE.