Join CYFOR for TeelTech’s four-day BlackBerry Forensics course, which provides examiners with a comprehensive education on the BlackBerry platform, including the methods and tools available to get extensive data from the device, back-up files and BES server.
Taught by veteran smart phone digital forensic examiner, Shafik Punja, the class exposes students to techniques that go beyond the standard logical acquisition and IPD back-up exam.
In this extended class, students are provided with a number of practical exercises to learn first-hand.
Students graduating the course will have gained a comprehensive understanding of BlackBerry forensics and of the best practices for processing the devices for evidentiary purposes.
TeelTech BlackBerry Forensics Four-Day Course Outline
- 1. BlackBerry Hardware
Basic Memory Structure
- 2. BlackBerry Operating System and Security
Overview of OS
BlackBerry file types: alx, cod, jad, and ipd
BlackBerry Security Mechanisms
- 3. BlackBerry Device Behavior
Device Power Off and Battery Pulling
User, Device and Carrier information
Hotkeys and Shortcuts
- 4. BlackBerry Data (Evidence) Storage Areas
Network Service Provider
BlackBerry Communication Methods
- 5. BlackBerry Desktop Manager (Windows and Mac)
Installation and making it forensically safe
Quick overview of Linux open source equivalent – Barry
Creating backups and encrypted backups with BDM
Other tools that also extract data from BlackBerry
- 6. Data Parsing and Analysis
Structure of IPD File
BlackBerry Folder Structure and BBthumbs.dat
ABC Amber BlackBerry Converter
Commercial Forensic Tools that parse ipd backup files
Open source tools that parse ipd files
Advanced BlackBerry Forensics Training
- 7. Non-conventional Methods of Data Extraction
BlackBerry Event logs – extraction and analysis
BlackBerry Diagnostic Report Creation
BlackBerry EScreen (Engineering Screen)
- 8. Artifacts on Suspect System (computer/laptop)
Log files showing each BlackBerry that connected to PC/laptop
XML files unique to each BlackBerry that connected, showing device info and applications listed on device
Registry hive keys that log each BlackBerry PIN that connected to PC/laptop
- 9. BES
What is a BES?
What does the BES log?
Default path location to BES logs
Important BES logs to understand
How to extract data from the BES.
Instructor: Sheran A. Gunasekera
Sheran A. Gunasekera is the Founder and Director of Research & Development for ZenConsult Pte. Ltd. Before founding ZenConsult, Sheran was the Principal Consultant for Scanit Middle East in Dubai and Technical Advisor to the ISP services section of Emirates Telecommunications Corporation (ETISALAT) in the UAE.
Gunasekera has extensive experience in web application security. He has developed tools and methodologies to improve results of security assessments and has trained consultants based on these methodologies. More recently, he focuses on mobile platforms and conducts research into BlackBerry handheld security. He has spoken at the 2009 Hack In The Box conference in Malaysia and the 2010 Troopers Security conference in Germany where he presented results of his research into BlackBerry lawful interception and spyware. His work has been quoted in online publications like Wired News, The Register, PC World, CNET News and Dark Reading.
He maintains a website for application security, reverse engineering and mobile platform security. He has been credited with discovering security vulnerabilities in commercial applications and has also discovered several critical vulnerabilities in core banking and Internet banking applications from companies like Oracle Financial Services (previously iFlex), Polaris, ebWorx and SilverLake.