GK200 Graykey Examinations

Course Modules

Module 1: Course introduction

• Coverage of the basic prerequisites for both the Axiom software and the Graykey unit.

Module 2:  iOS fundamentals

• Discussion-focused coverage of the iOS operating system’s security functions and structure.
• Learn about device protection class keys, understanding the handset lock codes and their function, as well as other functions of the operating system.

Module 3: Android fundamentals

• Discussion-focused coverage of the Android operating system’s security functions and structure.
• Learn about the structure of Android kernels, device encryption and handset passcodes, as well as other generic Android functions.

Module 4: Graykey overview

• This module focuses on all of the options and settings of the Graykey device and how to leverage them in order to successfully and efficiently operate the device to extract information from mobile devices.

Module 5: iOS acquisitions using Graykey

• Understand the different workflows offered by the Graykey to be able to extract data from iOS/iPadOS devices.
• Learn how to leverage Graykey to access data from locked iOS devices as well as apply methodologies to bypass device security and passcodes.

Module 6: Android acquisitions using Graykey

• Learn to understand the different workflows offered by Graykey to be able to extract data from Android devices.
• Gain an understanding of the fragmentation of the Android market and learn to approach Android device examinations, no matter the version or vendor.
• Understand how to leverage the Graykey to access data from locked Android devices as well as apply methodologies to bypass device security and passcodes.

Module 7: Android anti-forensics

• Gain an awareness of different methodologies that can be applied in an anti-forensic setting.
• Learn about operating systems and applications that can be enabled to wipe data from a device.
• Understand the different impacts that anti-forensics can have on the examination of Android devices, from triage, handling and seizure through to extraction, analysis and manual verification.

Module 8: Additional Graykey features

• Understand and learn how to use additional features offered by the Graykey including logical+, category-based extractions, mobile excursion and Magnet Graykey Fastrak.

Module 9: Graykey outputs and Magnet Axiom

• Understand the different outputs available from Graykey, depending on device state, and how to best analyze the data contained within.
• Learn how to interpret information coming from key files such as Keychain and Keystore files, and how Magnet Axiom can utilise these file types to provide access to data from advanced, secure applications.
• Gain an understanding of how to effectively and efficiently process data outputs from Graykey into Axiom.
• Learn about several Axiom functions such as Dynamic App Finder and the ability to search for custom files by type.

Module 10: Additional password recovery methods

• Learn how to leverage data from mobile devices to enable effective and efficient passcode recovery.
• Understand and learn how tools such as Magnet Wordlist Generator can be used to leverage maximum potential for passcode recovery.

Module 11: Analyzing iOS extraction types

• Understand they key differences between data included in BFU, AFU, full file system and logical+ extractions of iOS/iPadOS devices.
• Learn how to leverage Magnet Axiom to yield maximum evidence and information from iOS/iPadOS devices.
• Learn additional data analysis techniques of data not normally found within common extraction types.

Module 12:  Analyzing Android extraction types

• Learn what information can be yielded from Android devices in differing device states.
• Understand how to analyze mainstream data protection features such as Secure Folder and Dual Messenger.