Feature List

  • Duration: 3 days
  • Group size: up to 12 students
  • Instructors: experts in mobile forensics
  • Certification: provided
  • Included: 90-day access to full versions of all software tools used during the training
  • Extra benefits: the book “Mobile Forensics – Advanced Investigative Strategies” by Vladimir Katalov and Oleg Afonin

Reasons to attend the Advanced iOS Forensics course

In this 3-day course on iOS forensics, students are led through the fundamentals of mobile forensics including an overview of common mobile platforms and operating systems. They will learn about the most effective workflow including evidence preservation, logical, physical and cloud based acquisition. Students will learn how to cope with encryption and password protection and develop skills necessary to successfully obtain evidence from locked devices and password-protected backups. Attendees who successfully pass the class assignments will be given a certificate of completion.

The skills you get

The students will develop an in-depth knowledge of password protection and data encryption techniques used in mobile forensics. The attendees will further master modern technologies for mobile forensics, evidence preservation, data extraction and decryption. The students will master the data extraction workflow using logical, physical and cloud acquisition methods; develop jailbreaking skills and learn how to use a jailbreak for data extraction on different generations of iOS devices. The attendees will master cloud extraction, including the extraction of static backups and dynamic (synced) evidence.

Who completed this training

Among our certified trainees are police, law enforcement, security officers, computer security professionals, and penetration testers.


Day 1
  • A brief overview of global mobile platforms
  • The mobile forensics workflow (steps and techniques)
  • Physical, logical and cloud acquisition methods compared
Day 2
  • Jailbreak-based physical acquisition (32-bit and 64-bit devices)
  • Authentication tokens and pairing records
  • Multi-platform data extraction
Day 3
  • Cloud-based over-the-air data acquisition
  • Handling two-factor authentication
  • Extracting IM communications and other app data

Reasons to take the Advanced Password Recovery course

In this comprehensive course on password recovery, students are led through the fundamentals of data protection, encryption and passwords. The course teaches students to deal with the many types of encrypted information, explains the differences between the different types of protection, encryption and passwords. Attendees will get hands-on experience in breaking passwords to the many common types of data including encrypted volumes, protected documents, archives and backups. Attendees who successfully pass the class assignments will be given a certificate of completion.

The skills you get

The students will gain in-depth understanding of data protection methods, encryption and passwords. The attendees will learn using the most efficient workflow to access the many types of protected information. They’ll learn about the specifics of recovering access to encrypted volumes and crypto containers, gaining access to password-protected documents and archives. The students will master the skills of extracting passwords from the user’s computer, building targeted dictionaries and applying meaningful mutations. The attendees will gain understanding of the different types of attacks, the hardware resources required to perform those attacks, and their relation to the recovery timeframe and success probability.


Day 1
  • Introduction to encryption and hashing
  • Choosing the target: keys, passwords and instant recovery
  • Exploiting the human factor
  • Understanding distributed computing and GPU acceleration
  • Gathering the low-hanging fruit: extracting existing passwords from Mac and PC
Day 2
  • Targeted dictionary with user’s existing passwords
  • Custom dictionary based on online password leaks
  • Understanding mutations
  • Setting up attack pipeline
Day 3 Practical assignments:
  • Attacking BitLocker
  • Extracting user’s existing passwords and building a custom dictionary
  • Discovering encrypted content
  • Setting up attack pipeline and recovering passwords

What others say about this course

“I left with a far better understanding of the linear differences between backup / sync features which I had not previously investigated. I found that it has already paid for itself in our interaction with investigators. Probably one of the better instruction training I have had in a while. I will definitely be recommending Vlad and Oleg for future training with our members. Good job guys.”

“The instructors came across as very experienced in the delivery of technical matters. They approached every section with detail and full coverage.”

“Oleg and Vladimir were fantastic instructors. Especially Oleg, he was very focused on making sure we were following along without trouble. He was very, very knowledgeable.”

Arrange a new course with us

As an alternative to joining a scheduled training, you may arrange a new course with us or one of our partners. To apply for a training, please fill out the application form: