Mobile operating systems like Android and iOS leave behind a rich trail of digital evidence—if you know where and how to look. In this module, you’ll learn how to examine and interpret digital artifacts across the unique file systems of the major mobile OS platforms. You’ll explore how mobile devices structure, store, and index data, and gain practical experience in reconstructing timelines of user activity through forensic analysis. From app usage and file access to location data and system logs, this topic equips you with the skills to extract actionable insights from mobile devices—crucial for incident response and cyber investigations. By the end of this topic, you’ll be able to confidently conduct forensic analysis on iOS and Android devices, uncover digital evidence, and follow a structured process aligned with professional standards.

Modern mobile devices store vast amounts of critical data—but accessing that data for forensic purposes requires the right tools and techniques. In this module, you will gain hands-on experience with state-of-the-art mobile forensics tools such as Autopsy, Android/iOS Debug Tools, and FTK. You’ll explore the capabilities and limitations of both open-source and commercial solutions as you learn to extract, decode, and analyse data from various mobile platforms. Special focus will be given to investigating both proprietary systems and third-party applications, helping you understand where forensic data resides and how to access it legally and efficiently. By comparing tools across functionality, reliability, and usability, you’ll be equipped to choose the right tool for the job—and provide sound recommendations during mobile incident investigations.

Acquiring digital evidence from mobile devices is a critical step in any forensic investigation—one that must be handled with precision, care, and a deep understanding of legal and technical implications. In this module, you'll explore the full spectrum of mobile evidence acquisition techniques, from physical and logical extraction to memory dumps, network traffic capture, and cloud data retrieval. You’ll learn how to preserve data integrity, maintain chain of custody, and ensure the admissibility of evidence in court. Practical considerations, such as the pros and cons of extracting artefacts from device memory, SD cards, and over-the-air sources, will be examined through real-world scenarios. By the end of this topic, you'll have a clear understanding of how to approach mobile evidence acquisition with both technical rigor and legal foresight—making your forensic work defensible, reliable, and impactful.

Mobile applications are treasure troves of data—often housing critical evidence that can illuminate user behaviour, malicious activity, or digital misconduct. In this topic, you’ll develop advanced investigation techniques to uncover and interpret hidden insights from apps through static analysis (code inspection, file structures) and runtime behavioural analysis (real-time activity tracking). You’ll learn how to dissect application data, analyse user interactions, and identify evidence sources across platforms like Android and iOS. By examining app behaviour under different scenarios, you'll also evaluate the security posture of various mobile platforms—recognising vulnerabilities and strengths that may impact an investigation. This module will equip you with the skills to go beneath the surface of mobile applications and extract forensic value that is often overlooked, making you a sharper and more informed digital investigator.

In today’s hyper-connected world, mobile devices are prime targets for cybercriminals. This topic explores the intricate security landscape of smartphones and tablets—equipping you with the knowledge to assess and investigate the protective mechanisms that both defend and obscure critical data. You’ll explore core security concepts such as authentication, access control, and encryption, and how these affect forensic readiness and analysis. Learn to identify and analyse mobile malware, understand infection vectors, and investigate malicious application behaviours. You'll also gain hands-on experience with tools and techniques for bypassing protections like passcodes and biometrics in a lawful forensic context. By the end of this topic, you’ll be able to evaluate mobile device security from both a defensive and investigative perspective—ensuring forensic soundness while navigating the challenges posed by evolving mobile threats.