This course is an intermediate-level four-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to expand their knowledge base into deep iOS examinations and the use of the GrayKey device.
Students must be part of a law enforcement agency that has been cleared by Grayshift in order to attend this course.
Students will get hands-on use of the GrayKey device and learn how to fully operate it — including how to establish a proper workflow for handing iOS devices in the field to the lab and how to acquire a full file system image of iOS devices.
Magnet AXIOM will also be leveraged to learn how the iOS filesystem is structured, how to locate key data, and how artifacts are structured. In addition, students will learn about artifacts specific to the iOS full file system and its multiple levels of data protection. Third-party artifact analysis of several advanced, secure artifacts will be covered, including how the device keychain ties into these artifacts. A methodology will be discussed on how to conduct deep-level iOS examinations and how to understand specific operating system artifacts in context to show device interactions over time. Students will learn how to put someone behind a device physically interacting with it, and even sometimes where that device has been.
Hear directly from Christopher Vance, Manager of Curriculum Development at Magnet Forensics, about why you should take our MAGaK (Magnet AXIOM & GrayKey) Advanced iOS Examinations (AX301) course, what you can expect when you take it, and what type of real-life experience he brings to the classroom.
Because AX301 is an intermediate-level course, it is strongly recommended that students first complete Magnet AXIOM Examinations (AX200). AX200 will provide a thorough understanding of AXIOM that will help students focus on the cloud aspect of investigations in AX301.
MODULE 1: COURSE INTRODUCTION
MODULE 2: UNDERSTANDING IOS AND APPLE’S SECURITY
MODULE 3: USING THE GRAYKEY DEVICE
MODULE 4: DEVICE IMAGE TYPES
MODULE 5: IMPORTING DATA IN MAGNET AXIOM
MODULE 6: EXPLORING ARTIFACTS IN MAGNET AXIOM