CYFOR Blog

The latest industry news and insights

Advanced BlackBerry Forensics Training

Blackberry Forensics

Join CYFOR for TeelTech’s four-day BlackBerry Forensics course providing examiners with a comprehensive education on the BlackBerry platform. Including the methods and tools available to get extensive data from the device, backup files and BES server.

Taught by veteran smartphone digital forensic examiner, Shafik Punja, the class exposes students to techniques that go beyond the standard logical acquisition and IPD backup exam.

In this extended class, students are provided with a number of practical exercises to learn first-hand.

Students graduating from the course will have gained a comprehensive BlackBerry forensics, and the best practices of processing the devices for evidentiary purposes.

TeelTech BlackBerry Forensics Four-Day Course Outline

  • 1. BlackBerry Hardware
    Form Factor
    Internal Components
    Basic Memory Structure
  • 2. BlackBerry Operating System and Security
    Overview of OS
    BlackBerry file types: alx, cod, jad, and ipd
    BlackBerry Security Mechanisms
  • 3. BlackBerry Device Behavior
    Battery mechanics
    Device Power Off and Battery Pulling
    Device Date/Time
    User, Device and Carrier information
    Security Options
    Messages
    Hotkeys and Shortcuts
  • 4. BlackBerry Data (Evidence) Storage Areas
    Device Memory
    Memory Card
    SIM
    Network Service Provider
    RIM
    BlackBerry Communication Methods
    BlackBerry Messenger
  • 5. BlackBerry Desktop Manager (Windows and Mac)
    Installation and make forensically safe
    Quick overview of Linux open source equivalent – Barry
    Creating backups and encrypted backups with BDM
    Other tools that also extract data from BlackBerry
  • 6. Data Parsing and Analysis
    Structure of IPD File
    BlackBerry Folder Structure and BBthumbs.dat
    ABC Amber BlackBerry Converter
    Commercial Forensic Tools that parse ipd backup files
    Open source tools that parse ipd files
    Advanced BlackBerry Forensics Training
  • 7. Non-conventional Methods of Data Extraction
    BlackBerry Event logs – extraction and analysis
    BlackBerry Diagnostic Report Creation
    Javaloader.exe
    BlackBerry EScreen (Engineering Screen)
  • 8. Artifacts on Suspect System (computer/laptop)
    Log files showing each BlackBerry that connected to PC/laptop
    Xml files unique to each BlackBerry that connected showing device info and applications listed on device
    Registry hive keys that log each BlackBerry PIN that connected to PC/laptop
  • 9. BES
    What is a BES?
    What does the BES log?
    Default path location to BES logs
    Important BES logs to understand
    How to extract data from the BES.

Instructor: Sheran A. Gunasekera
Sheran A. Gunasekera is the Founder and Director of Research & Development for ZenConsult Pte. Ltd. Before founding ZenConsult, Sheran was the Principal Consultant for Scanit Middle East in Dubai and Technical Advisor to the ISP services section of Emirates Telecommunications Corporation (ETISALAT) in the UAE.

Gunasekera has extensive experience in web application security. He has developed tools and methodologies to improve results of security assessments and has trained consultants based on these methodologies. More recently, he focuses on mobile platforms and conducts research into BlackBerry handheld security. He has spoken at the 2009 Hack In The Box conference in Malaysia and the 2010 Troopers Security conference in Germany where he presented results of his research into BlackBerry lawful interception and spyware. His work has been quoted in online publications like Wired News, The Register, PC World, CNET News and Dark Reading.

He maintains a website for application security, reverse engineering and mobile platform security. He has been credited with discovering security vulnerabilities in commercial applications and has also discovered several critical vulnerabilities in core banking and Internet banking applications from companies like Oracle Financial Services (previously iFlex), Polaris, ebWorx and SilverLake.

Back to all Posts

Call us today and speak with a Forensic Specialist

Send an enquiry to our experts

After submitting an enquiry, a member of our team will be in touch with you as soon as possible

Your information will only be used to contact you, and is lawfully in accordance with the General Data Protection Regulation (GDPR) act, 2018.