Cellebrite Corporate Investigator (CCI)
3 days
Intermediate-level course
Course Description
The Cellebrite Certified Corporate Investigator (CCI) course is a 3-day Intermediate level program designed for corporate, private, and eDiscovery examiners. The CCI course includes a comprehensive introduction to the components of corporate and private incidents, including legal considerations, evidence identification, preservation, collections, and production.
CCI course participants use the UFED 4PC and Physical Analyzer (PA) software to perform phone extractions and conduct analysis of those extractions, with a concentration on analysis techniques specific to corporate and private investigations. Students will learn both basic and advanced features and functions of PA. The CCI course also introduces students to Android and iOS operating system basics and includes independent exercises focused on each of the operating systems.
CCI course participants use the UFED 4PC and Physical Analyzer (PA) software to perform phone extractions and conduct analysis of those extractions, with a concentration on analysis techniques specific to corporate and private investigations. Students will learn both basic and advanced features and functions of PA. The CCI course also introduces students to Android and iOS operating system basics and includes independent exercises focused on each of the operating systems.
Course Content
Fundamentals of Private Sector Investigations
- Identify legal considerations
- Recognize terminology used in corporate/private investigations
- Identify types of evidence
- Enact valid preservation techniques
- Identify collection issues for local and remote data
- Combine data for production to outside consul
Flash Memory
- Forensic Handling of Mobile Devices
- Recognize the usage of a Mobile Device Management Admin Console
- Describe the importance of proper evidence handling
- Conduct device identification and recognition of the existence of additional evidence
Extraction Methodology
- Identify best practices for the extraction of data from digital devices
- Discuss the methods frequently employed by forensic examiners to acquire data from digital devices
- Operate the UFED 4PC and Physical Analyzer software to conduct device extractions
Overview of Physical Analyzer
- Configure Physical Analyzer
- Use Physical Analyzer to gain understanding of functional usage of the software
- Demonstrate the following options of the Physical Analyzer software
Introduction to Smart Phone Analysis
- Discuss the features of the Android operating system
- Analyze the extraction of an Android device
- Discuss the features of the iOS operating system
- Analyze the extraction of an iOS operating system
Data Analysis Techniques
- Conduct an Open Advanced action to open an iTunes backup
- Use the Location services features of Physical Analyzer
- Employ the Get More Data option to conduct Location Carving
- Use translation services to translate data within an extraction
Comprehensive Exercise
- Complete an independent exercise using the learned techniques in the previous modules
- Results of this exercise will be used in the Reporting module
Reporting
- Describe the elements of forensic reporting
- Discuss the reporting options afforded to examiners using Physical Analyzer
- Use results from Module 8 exercise to compile reports in several output formats
Last modified: Tuesday, August 24, 2021, 9:37 AM