Mobile Device Forensics Fundamentals | Online Course | The Waldrep Company Skip to main content
Online Courses › Mobile Device Forensics Fundamentals
10–12 Hours — Online Self-Paced

Mobile Device Forensics Fundamentals

Extraction and analysis of iOS and Android devices. Preservation protocol, acquisition types, AFU/BFU concepts, iOS and Android security architecture, Cellebrite UFED, Magnet AXIOM, GrayKey, messaging app artifacts, location evidence, cloud legal process, and court-ready mobile evidence reporting. 14 modules, 21 lessons.

🌐 Developed by Eric L. Waldrep — U.S. State Dept. ATA Cyber Mentor · MCFE Certified · 200+ Cases
$497
per seat · agency licensing available
Duration10–12 hrs
FormatOnline Self-Paced
Modules14 modules
Lessons21 lessons
Tools (educational)Cellebrite, AXIOM, GrayKey
CPE Credits12 CPEs
CertificateYes
✅ You're enrolled. Go to Course →

New student? You'll create a free account first, then go straight to secure checkout.

🛡️ 7-Day Money-Back Guarantee
Request Group Pricing Government PO / Net-30

Secure checkout via Stripe. Instant access after payment confirmation.

Free Download · PDF

Not ready to enroll? Get the full syllabus.

Every module and lesson in Mobile Device Forensics Fundamentals, plus pricing, CPE, and certificate details. We'll email you the PDF instantly. No spam, no sales calls.

Prefer to talk? Call (251) 216-1164 or request group / agency pricing above.

Learning Outcomes

What You'll Learn

Apply Riley v. California and Carpenter v. United States to mobile device seizure and legal process decisions
Execute proper seizure protocol — Faraday isolation, AFU/BFU state preservation, and contemporaneous documentation
Distinguish logical, file system, and physical acquisition types and select the appropriate method per device and OS version
Understand iOS and Android security architecture — Secure Enclave, FBE, Samsung Knox, ADB, and OEM extraction variation
Operate Cellebrite UFED, Magnet AXIOM, and GrayKey workflows and cross-validate critical findings across tools
Extract and interpret SMS, iMessage, WhatsApp, Signal, Telegram, and Snapchat artifacts — including deleted record recovery
Analyze KnowledgeC.db, Photos.sqlite, browser history, and iOS health data as behavioral artifact sources
Analyze GPS, Apple Significant Locations, Google Location History, and CSLI with correct precision and source language
Draft and serve cloud legal process under 18 U.S.C. § 2703 and correctly interpret returns from Apple, Google, Meta, and Snap
Write court-ready mobile forensics reports that explain acquisition type, limitations, and provider return findings to non-technical readers
Who This Course Serves

Built for Practitioners

Smartphones are the primary evidence source in most modern investigations. This course is for professionals who need to handle, extract, and explain mobile evidence correctly.

🚔
Law Enforcement
⚖️
Attorneys & Paralegals
🏛️
Government Agencies
🪖
Military & Intelligence
🏢
Corporate Security
🔍
Private Investigators
🧪
Forensic Examiners
📋
Compliance Teams
Course Curriculum

14 Modules  ·  21 Lessons  ·  Final Assessment

01Why Mobile Devices Matter
  • Phones as Evidence Sources
  • Mobile Evidence Limitations
02Mobile Evidence Fundamentals
  • Device Identifiers — IMEI, ICCID, Apple ID, Android ID
  • iOS vs. Android Architecture — SIM/eSIM Handling, SD Card Acquisition
03Legal Authority & Scope
  • Legal Authority for Mobile Device Examination (Riley, Carpenter)
04Mobile Device Preservation
  • Seizure Protocol — Faraday, Network Isolation, AFU/BFU, Power State
05Mobile Acquisition Basics
  • Acquisition Types — Manual, Logical, File System, Physical, AFU vs. BFU
06iOS & Android Forensic Concepts
  • iOS Security Model — Secure Enclave, Data Protection Classes, iCloud Backup
  • Android Security Model — FDE/FBE, ADB Limitations, SELinux, Samsung Knox
07Tool-Based Workflow
  • Cellebrite UFED Workflow
  • Magnet AXIOM Workflow
  • GrayKey — LE-Only Extraction, Full vs. Partial, Passcode Timing
08Core Mobile Artifacts
  • Contacts, Call Logs, SMS, iMessage, MMS — Sources & Validation
  • Device Activity Artifacts — Photos.sqlite, KnowledgeC.db, Safari/Chrome, HealthKit
09Messaging App Evidence
  • WhatsApp, Signal, Telegram, Snapchat — Artifacts, Limits & Recovery
10Location Evidence
  • GPS, Apple Significant Locations, Google Location History, CSLI, Interpretation
11Mobile Analysis Workflow
  • Intake, Acquisition Planning, Artifact Triage, Keyword Search, Bookmarking
12Reporting & Court Readiness
  • Mobile Evidence Reporting — Acquisition Type, Limitations, Exhibits, Testimony
13Cloud Evidence & Legal Process
  • Cloud Preservation & Legal Process — 18 U.S.C. § 2703, Provider Requests
  • Interpreting Provider Returns — Apple, Google, Meta, Snap Timestamp Analysis
14Final Assessment
  • Course Review & Key Takeaways
★ Final Knowledge Quiz  ·  Certificate of Completion
Your Instructor

Developed by the Practitioner Who Built It

Eric L. Waldrep
Eric L. Waldrep
Director of Training — The Waldrep Company  |  U.S. State Dept. ATA Cyber Mentor  |  MCFE Certified

Eric Waldrep has been in law enforcement for 27+ years and active digital forensics for 17+ years, examining 200+ cases in federal and state courts. Cellebrite CCPA certified. Selected by the U.S. State Department's ATA program to train allied nation law enforcement in digital forensics. His mobile forensics curriculum comes directly from active mobile evidence cases — not certification prep materials.

MCFE Certified
CCPA Cellebrite Certified
State Dept. ATA Cyber Mentor
17+ years forensics
200+ cases
Completion

Certificate of Completion

🎓
Certificate of Completion — The Waldrep Company

Students who complete all 14 modules and the final assessment receive a Certificate of Completion from The Waldrep Company, issued in the student's name, signed by Eric L. Waldrep, and including course title, completion date, and course duration.

Note: Certificate of Completion from The Waldrep Company. Does not constitute a third-party forensic certification.

Common Questions

Frequently Asked Questions

Do I need Cellebrite or GrayKey to take this course?
No. This is a concept and methodology course. You don't need any tools installed. The course covers Cellebrite UFED and Magnet AXIOM workflows through detailed written instruction. Cellebrite Premium and GrayKey are covered conceptually — they are law enforcement tools not available for private purchase.
Is this course appropriate for prosecutors and defense attorneys?
Yes. Attorneys who review, challenge, or sponsor mobile evidence benefit from understanding how it was collected, what limitations apply, and how to question the examiner's methodology. The course is written to be accessible to non-engineers.
What does "AFU vs. BFU" mean and why does it matter?
After First Unlock (AFU) and Before First Unlock (BFU) describe the encryption state of an iOS device. AFU devices — those that have been unlocked at least once since boot — provide significantly more extraction data. BFU devices (just powered on, never unlocked) are much more difficult to extract from. Module 4 covers seizure protocol for preserving AFU state.
Can my agency purchase via purchase order?
Yes. Government PO and net-30 invoicing are accepted. Contact us at (251) 216-1164 or submit an inquiry.
Do you offer group pricing?
Yes — discounted rates are available for groups of 8 or more. Contact us to arrange group enrollment and invoicing.
Is a refund available?
7-day satisfaction guarantee. If within 7 days of enrollment you decide the course is not for you, contact info@thewaldrepcompany.com or call (251) 216-1164 for a full refund. See the full refund policy.

This course is provided for educational purposes only. References to commercial forensic products — including but not limited to Cellebrite® UFED, Cellebrite Premium, Magnet AXIOM, and GrayKey® — are made solely to illustrate concepts, methodologies, and publicly documented workflows that practitioners may encounter in the field.

Discussion of any specific tool is not intended as, and shall not be construed as: (i) an endorsement, recommendation, or comparative evaluation of one product over another; (ii) operational training, certification, or qualification in the use of that product; (iii) an authoritative statement of any vendor's current capabilities, features, version behavior, or pricing; or (iv) the disclosure of confidential, proprietary, or non-public information. This course is not a substitute for the vendor-provided training and certification required to operate any specific tool.

All tool references rely exclusively on information made publicly available by the respective vendors or in published literature. All trademarks, product names, and registered marks are the property of their respective owners and are used herein for identification and educational purposes only. The Waldrep Company is not affiliated with, sponsored by, or endorsed by any of the tool vendors mentioned in this course.

Certificate Disclaimer. The Certificate of Completion issued by The Waldrep Company evidences that the holder completed the course curriculum and passed the required assessments. It is not a license, an accreditation, a government or POST certification, vendor certification (such as Cellebrite CCO/CCPA or Magnet AXIOM Certified Examiner), or a guarantee that any specific court will qualify the holder as an expert witness under Daubert, Kumho, Frye, or any state analogue. Whether a witness is qualified in a specific matter is a determination reserved to the trial court in that matter. See our Terms of Service for full details.

Enroll or Inquire

Ready to Get Started?

Enroll online, request group pricing, or contact us for government PO billing and custom on-site delivery.

Request Group Pricing

Government PO · Net-30 billing · Group rates for 8+ · (251) 216-1164