CJE 3215 - Mobile Device Forensics

College of Public Safety Administration

Credit(s): 3
Contact Hours: 47
Effective Term Spring 2022 (600)

Requisites

Pre- or Co-requisite CCJ 3075 with a minimum grade of C and
Admission to Public Safety Administration (Bachelor of Applied Science) (PSA-BAS)

Course Description

This course is designed to help students better understand the differences between the forensic investigations of mobile devices and investigation on traditional computer devices. The course teaches the proper steps used in a search of a mobile device, including the most probable locations of different types of data artifacts. Topics include the preparing, protecting, and seizing of evidence, with a view towards producing evidence that will be admissible in court. The course also presents an overview of tools that will help the examiner validate the collected evidence, as well as examining the different processes used in iOS investigations versus Android device investigations.

Learning Outcomes and Objectives

  1. Students will summarize the unique challenges of mobile device investigations by:
    1. describing the evolution and history of mobile devices.
    2. determining the mobile device’s modern relevance to the media and crime scenes.
    3. listing the procedures required to obtain data from a particular mobile device.
    4. explaining how a device must be seized, collected, analyzed, and presented in a way that is forensically sound.
  2. Students will demonstrate methods to extract mobile data without violating privacy rights by:
    1. summarizing how different devices format and store relevant information.
    2. comparing how to extract data from diverse types of devices.
    3. identifying an individual’s privacy rights in his or her own residence, workplace, and cloud storage environments.
    4. choosing the proper way to access personal information on a device that also stores company information.
    5. formulating how to establish a chain of custody for the device on scene.
  3. Students will assess the use of various forensic tools to conduct distinct types of device acquisitions by:
    1. listing the benefits of the examiner having knowledge of multiple forensic tools.
    2. explaining the risks faced when an examiner does not incorporate or utilize multiple tools during the case.
    3. differentiating the levels within the tool classification pyramid and know how to be successful using each.
    4. determining whether the software solution supports or does not support a particular device.
    5. determining which evidence should be processed first, based on the device status.
  4. Students will contrast the processes used in investigations of different mobile operating systems, including iOS and Android by:
    1. summarizing the process of obtaining files through an iTunes backup, as well as the methods used to obtain additional files a regular iTunes backup may fail to provide.
    2. explaining that certain files, such as plist files, are contained within iOS devices that are not found on other mobile devices.
    3. describing how students can gather extra information from an Android device after successfully accessing the file system.
    4. utilizing information about Android devices to stay up to date with the device and the information collected from it.
    5. identifying the methods of creating and delivering a successful presentation of their own findings.

Criteria Performance Standard

Upon successful completion of the course the student will, with a minimum of 70% accuracy, demonstrate mastery of each of the above stated objectives through classroom measures developed by individual course instructors.

History of Changes

C&I Approval: , BOT Approval: , Effective Term: Spring 2022 (600)

Related Programs

  1. Public Safety Administration (PSA-BAS) (655) (Active)