AX400 Advanced Mobile Data Analysis

This course is a two-day, expert-level training program designed to equip digital forensic examiners with advanced skills for navigating complex mobile data. Emphasizing unsupported third-party applications, advanced data structures, and custom artifact creation, this course will provide essential tools for analyzing mobile device data with confidence.

Learn More

Description

Magnet Forensics products including Magnet Axiom, Magnet Graykey and Magnet Verakey are extremely valuable tools for mobile acquisition, deep analysis of data, and being able to report findings for stakeholders—saving you time and allowing you to solve cases in a more efficient manner.

If you haven’t already, it is strongly encouraged to complete the Magnet Axiom Advanced Mobile Forensics (AX300) course which will familiarize yourself with even more file types found within mobile operating systems. From an acquisition perspective, you may want to consider taking either the GK200 course for GrayKey (law enforcement only) or VK200 for Verakey (private sector). These two courses will give you hands-on experience with mobile device acquisition.

While Axiom is equipped to navigate evidence derived on mobile devices, it will be impossible for any tool to have native, first-party support for every single application on the app stores. Learning to write custom artifacts derived from unsupported applications allows the examiner to tailor their Axiom experience, providing a method to examine unsupported data in a tool they’re already familiar with.

Before writing a custom artifact, examiners should have an understanding of the underlying file types and how data can be stored within mobile file systems. Students in the course will explore mobile operating system file types even deeper, with data extraction from existing file types, like SQLite databases.

This course will go even further by decompiling APKs from Android apps, helping examiners understand how encryption might come into play with applications, and potentially understand just how the application is using particular.

Our world-class trainers will bring their years of practical and research expertise to the classroom and share the latest trends that examiners need to be aware of, keeping them one step ahead in their investigations. Magnet Forensics Trainers have had active experience in investigation and forensics, bringing with them a wealth of knowledge to the classroom experience. The classroom experience will bring together tips and tricks, deep analysis, and the latest research into a training scenario using some of the latest mobile operating systems and popular applications. This, combined with the opportunity to ask questions and collaborate with our trainers and other attendees, is invaluable.

Course Highlights

When students attend the AX400 course, they receive a dedicated two-day course that will utilize instructor-led scenario-based experience to reinforce the learning objectives of the specific learning modules. It will further enhance your understanding of unsupported data of both iOS and Android devices, discussing the latest changes of the operating systems whilst also learning to confidently evaluate and validate unsupported data types for stakeholders.

Course Prerequisites

AX300 is strongly recommended

On Successful Completion

Course Certification

Additional Information

Course Length: 2 x days
Who Should Attend: Participants who are unfamiliar with the principles of digital forensics
Advanced Preparation: AX300 is strongly recommended
Program Level: Expert-level
Field of Study: Computer Software & Applications
Delivery Method: Group internet based & group live

Course Modules

Module 1: Course introduction and environment setup

Students will begin by exploring the course outline and meeting their instructor and fellow students. Students will gain an understanding of the course’s depth and focus while preparing the necessary software and tools for success. By the end of this module, students will have a clear understanding of the data structure types to be explored and a fully prepared classroom environment.

Module 2: Extraction and analysis of mobile data structures

The structure and forensic significance of a variety of different data structures including Property Lists (PLists) Protobufs and XML will be examined in this module. Students will decode ABX files and binary PLists, explore NSKeyedArchiverPLists, and analyze Protobufs used in serialized data storage. Students will gain the ability to decode complex data structures, analyze embedded artifacts, and understand the forensic implications of application intents and serialized data within mobile devices.

Module 3: Creating custom artifacts

In this module, students will learn to navigate unsupported third-party applications and create custom artifacts to meet investigative needs. Students will load these artifacts into Magnet Axiom for processing and leverage the Dynamic App Finder to identify and process unsupported SQLite databases. By the end of this module, students will understand the importance of custom artifacts and how to utilize them effectively to extract critical data.

Module 4: Advanced artifact customization

Students will learn how to further customize artifacts for unsupported applications using Magnet Custom Artifact Generator (MCAG) in this module. The opportunity to learn how toleverage SQLite to generate queries and further customize artifacts for unsupported applications will be presented. After the module is completed, students will understand how to effectively utilize the Magnet Custom Artifact Generator and SQLite queries to maximize evidence collection from mobile applications.

Module 5: Understanding and decrypting encrypted applications

In this module, students will dive into mobile device encryption, focusing on key elements like the Android Keystore. Students will decrypt previously discovered encrypted files and learn how to decompile Android application APKs for investigative purposes. By the end of this module, students will understand encryption methodologies, the role of the Android Keystore, and how to decrypt an encrypted database using tools such as JadX and DB Browser for SQLite.

AX250 Magnet AXIOM Advanced Computer Forensics

14th April 2025 9:00 am - 17th April 2025 5:00 pm Europe/London Online

GK200 Graykey Examinations

29th April 2025 9:00 am - 2nd May 2025 5:00 pm Europe/London Classroom – London, United Kingdom

AX400 Advanced Mobile Data Analysis

10th June 2025 9:00 am - 11th June 2025 5:00 pm Europe/London Classroom – Birmingham, United Kingdom

AX400 Advanced Mobile Data Analysis

8th July 2025 9:00 am - 9th July 2025 5:00 pm Europe/London Online

VK200 Verakey Examinations

18th March 2025 9:00 am - 21st March 2025 5:00 pm Europe/London Classroom – London, United Kingdom

AX250 Magnet AXIOM Advanced Computer Forensics

14th April 2025 9:00 am - 17th April 2025 5:00 pm Europe/London Online

GK200 Graykey Examinations

29th April 2025 9:00 am - 2nd May 2025 5:00 pm Europe/London Classroom – London, United Kingdom

AX400 Advanced Mobile Data Analysis

10th June 2025 9:00 am - 11th June 2025 5:00 pm Europe/London Classroom – Birmingham, United Kingdom

AX400 Advanced Mobile Data Analysis

8th July 2025 9:00 am - 9th July 2025 5:00 pm Europe/London Online

VK200 Verakey Examinations

18th March 2025 9:00 am - 21st March 2025 5:00 pm Europe/London Classroom – London, United Kingdom

AX250 Magnet AXIOM Advanced Computer Forensics

14th April 2025 9:00 am - 17th April 2025 5:00 pm Europe/London Online

GK200 Graykey Examinations

29th April 2025 9:00 am - 2nd May 2025 5:00 pm Europe/London Classroom – London, United Kingdom

AX400 Advanced Mobile Data Analysis

10th June 2025 9:00 am - 11th June 2025 5:00 pm Europe/London Classroom – Birmingham, United Kingdom

Enquire About This Course

If this training course is of interest to you, you would like to know more or book places, please complete your details below ensuring that you inform us of the dates you are interested in.

Once we receive your enquiry we will contact you to discuss your training requirements to ensure that this course is right for your needs.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_32179060_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

AX400 Advanced Mobile Data Analysis

Description

Course Prerequisites

On Successful Completion

Additional Information

Course Modules

Enquire About This Course

AX400 Advanced Mobile Data Analysis Enquiry