Manchester: 0161 797 8123

London: 0207 438 2045

Manchester: 0161 797 8123

London: 0207 438 2045

Blog

News, events, media, seminars and more

Advanced BlackBerry Forensics Training

Join CYFOR for TeelTech’s four-day BlackBerry Forensics course providing examiners with a comprehensive education on the BlackBerry platform, and the methods and tools available to get extensive data from the device, back-up files and BES server.

Blackberry Forensics Taught by veteran smart phone digital forensic examiner, Shafik Punja, the class exposes students to techniques that go beyond the standard logical acquisition and IPD back-up exam.

In this extended class, students are provided with a number of practical exercises to learn first-hand.

Students graduating the course will have gained a comprehensive BlackBerry forensics, and the best practices of processing the devices for evidentiary purposes.

TeelTech BlackBerry Forensics Four-Day Course Outline

1. BlackBerry Hardware
Form Factor
Internal Components
Basic Memory Structure

2. BlackBerry Operating System and Security
Overview of OS
BlackBerry file types: alx, cod, jad, and ipd
BlackBerry Security Mechanisms

3. BlackBerry Device Behavior
Battery mechanics
Device Power Off and Battery Pulling
Device Date/Time
User, Device and Carrier information
Security Options
Messages
Hotkeys and Shortcuts

4. BlackBerry Data (Evidence) Storage Areas
Device Memory
Memory Card
SIM
Network Service Provider
RIM
BlackBerry Communication Methods
BlackBerry Messenger

5. BlackBerry Desktop Manager (Windows and Mac)
Installation and make forensically safe
Quick overview of Linux open source equivalent – Barry
Creating backups and encrypted backups with BDM
Other tools that also extract data from BlackBerry

6. Data Parsing and Analysis
Structure of IPD File
BlackBerry Folder Structure and BBthumbs.dat
ABC Amber BlackBerry Converter
Commercial Forensic Tools that parse ipd backup files
Open source tools that parse ipd files
Advanced BlackBerry Forensics Training

7. Non-conventional Methods of Data Extraction
BlackBerry Event logs – extraction and analysis
BlackBerry Diagnostic Report Creation
Javaloader.exe
BlackBerry EScreen (Engineering Screen)

8. Artifacts on Suspect System (computer/laptop)
Log files showing each BlackBerry that connected to PC/laptop
Xml files unique to each BlackBerry that connected showing device info and applications listed on device
Registry hive keys that log each BlackBerry PIN that connected to PC/laptop

9. BES
What is a BES?
What does the BES log?
Default path location to BES logs
Important BES logs to understand
How to extract data from the BES.

Instructor: Sheran A. Gunasekera
Sheran A. Gunasekera is the Founder and Director of Research & Development for ZenConsult Pte. Ltd. Before founding ZenConsult, Sheran was the Principal Consultant for Scanit Middle East in Dubai and Technical Advisor to the ISP services section of Emirates Telecommunications Corporation (ETISALAT) in the UAE.

Gunasekera has extensive experience in web application security. He has developed tools and methodologies to improve results of security assessments and has trained consultants based on these methodologies. More recently, he focuses on mobile platforms and conducts research into BlackBerry handheld security. He has spoken at the 2009 Hack In The Box conference in Malaysia and the 2010 Troopers Security conference in Germany where he presented results of his research into BlackBerry lawful interception and spyware. His work has been quoted in online publications like Wired News, The Register, PC World, CNET News and Dark Reading.

He maintains a website for application security, reverse engineering and mobile platform security. He has been credited with discovering security vulnerabilities in commercial applications and has also discovered several critical vulnerabilities in core banking and Internet banking applications from companies like Oracle Financial Services (previouslyiFlex), Polaris, ebWorx and SilverLake.

For further information please contact Louise Jackson on 0161 797 8123  louise.jackson@cyfor.co.uk

Back to all Posts

Call us today and speak with a Forensic Specialist

London: 0207 438 2045

Manchester: 0161 797 8123

Feel free to send us an enquiry

  • This field is for validation purposes and should be left unchanged.

After submitting an enquiry, a member of our team will be in touch with you as soon as possible

Your information will only be used to contact you, and is lawfully in accordance with the Data Protection Act 1998.