3-Day Course — Online Self-Paced

Mobile Device Forensics

Name: Mobile Device Forensics
Price: 1800 USD
Availability: InStock

Hands-on extraction and analysis of iOS and Android devices. Preservation protocol, acquisition types, AFU/BFU concepts, Cellebrite UFED, Magnet AXIOM, GrayKey, messaging app artifacts, location evidence, and court-ready mobile evidence reporting. 13 modules, 22 lessons.

🌐 Taught by Eric L. Waldrep — U.S. State Dept. ATA Cyber Mentor · MCFE Certified · 200+ Cases

$1,800

per seat

🏷 Group rate: $1,400/seat for 8+ attendees

Duration3 days / 24 hrs

FormatOnline Self-Paced

Modules13 modules

Lessons22 lessons

ToolsCellebrite, AXIOM, GrayKey

CertificateYes

✅ You're enrolled. Go to Course →

Request Group Pricing Government PO / Net-30

Secure checkout via Stripe. Instant access after payment confirmation.

What You'll Learn

✓Apply Riley v. California and Carpenter v. United States to mobile device seizure and legal process decisions

✓Execute proper seizure protocol — Faraday isolation, AFU/BFU state preservation, and contemporaneous documentation

✓Distinguish logical, file system, and physical acquisition types and select the appropriate method per device

✓Operate Cellebrite UFED and Magnet AXIOM workflows and cross-validate critical findings

✓Extract and interpret SMS, iMessage, WhatsApp, Signal, Telegram, and Snapchat artifacts

✓Analyze GPS, Apple Significant Locations, Google Location History, and CSLI with correct precision language

✓Identify iOS and Android device identifiers (IMEI, ICCID, Apple ID, Google Account) for account attribution

✓Write court-ready mobile forensics reports that explain acquisition type and limitations to non-technical readers

Built for Practitioners

Smartphones are the primary evidence source in most modern investigations. This course is for professionals who need to handle, extract, and explain mobile evidence correctly.

🚔

Law Enforcement

⚖️

Attorneys & Paralegals

🏛️

Government Agencies

🪖

Military & Intelligence

🏢

Corporate Security

🔍

Private Investigators

🧪

Forensic Examiners

📋

Compliance Teams

13 Modules · 22 Lessons · Final Assessment

01Why Mobile Devices Matter▾

Phones as Evidence Sources
Mobile Evidence Limitations

02Mobile Evidence Fundamentals▾

Device Identifiers — IMEI, ICCID, Apple ID, Android ID

03Legal Authority & Scope▾

Legal Authority for Mobile Device Examination (Riley, Carpenter)

04Mobile Device Preservation▾

Seizure Protocol — Faraday, Network Isolation, AFU/BFU, Power State

05Mobile Acquisition Basics▾

Acquisition Types — Manual, Logical, File System, Physical, AFU vs. BFU

06iOS & Android Forensic Concepts▾

iOS Security Model — Secure Enclave, Data Protection Classes, iCloud Backup

07Tool-Based Workflow▾

Cellebrite UFED Workflow
Magnet AXIOM Workflow

08Core Mobile Artifacts▾

Contacts, Call Logs, SMS, iMessage, MMS — Sources & Validation

09Messaging App Evidence▾

WhatsApp, Signal, Telegram, Snapchat — Artifacts, Limits & Recovery

10Location Evidence▾

GPS, Apple Significant Locations, Google Location History, CSLI, Interpretation

11Mobile Analysis Workflow▾

Intake, Acquisition Planning, Artifact Triage, Keyword Search, Bookmarking

12Reporting & Court Readiness▾

Mobile Evidence Reporting — Acquisition Type, Limitations, Exhibits, Testimony

13Final Assessment▾

Course Review & Key Takeaways

★ Final Knowledge Quiz · Certificate of Completion

Taught by the Practitioner Who Built It

Eric L. Waldrep

Director of Training — The Waldrep Company | U.S. State Dept. ATA Cyber Mentor | MCFE Certified

Eric Waldrep has been in law enforcement for 27+ years and active digital forensics for 17+ years, examining 200+ cases in federal and state courts. Cellebrite CCPA certified. Selected by the U.S. State Department's ATA program to train allied nation law enforcement in digital forensics. His mobile forensics curriculum comes directly from active mobile evidence cases — not certification prep materials.

MCFE Certified

CCPA Cellebrite Certified

State Dept. ATA Cyber Mentor

17+ years forensics

200+ cases

Certificate of Completion

🎓

Certificate of Completion — The Waldrep Company

Students who complete all 13 modules and the final assessment receive a Certificate of Completion from The Waldrep Company, issued in the student's name, signed by Eric L. Waldrep, and including course title, completion date, and course duration.

Note: Certificate of Completion from The Waldrep Company. Does not constitute a third-party forensic certification.

Frequently Asked Questions

Do I need Cellebrite or GrayKey to take this course?▾

No. This is a concept and methodology course. You don't need any tools installed. The course covers Cellebrite UFED and Magnet AXIOM workflows through detailed written instruction. Cellebrite Premium and GrayKey are covered conceptually — they are law enforcement tools not available for private purchase.

Is this course appropriate for prosecutors and defense attorneys?▾

Yes. Attorneys who review, challenge, or sponsor mobile evidence benefit from understanding how it was collected, what limitations apply, and how to question the examiner's methodology. The course is written to be accessible to non-engineers.

What does "AFU vs. BFU" mean and why does it matter?▾

After First Unlock (AFU) and Before First Unlock (BFU) describe the encryption state of an iOS device. AFU devices — those that have been unlocked at least once since boot — provide significantly more extraction data. BFU devices (just powered on, never unlocked) are much more difficult to extract from. Module 4 covers seizure protocol for preserving AFU state.

Can my agency purchase via purchase order?▾

Yes. Government PO and net-30 invoicing are accepted. Contact us at (251) 216-1164 or submit an inquiry.

What is the group rate?▾

$1,400 per seat for groups of 8 or more. Contact us to arrange group enrollment and invoicing.