Difference between pages "Mobile malware" and "Training Courses and Providers"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(QR Codes)
 
(On-going / Continuous Training)
 
Line 1: Line 1:
Mobile malware is software created to infect or gain access to mobile devices such as [[cell phones]], [[tablets]], and [[PDAs]].
+
This is the list of Training Providers, who offer training courses of interest to practitioners and researchers in the field of Digital Forensics.  Conferences which may include training are located on the [[Upcoming_events]] page.
  
== History ==
+
<b>PLEASE READ BEFORE YOU EDIT THE LIST BELOW</b><br>
Mobile malware was initially considered to be a hoax until it became obvious that malicious software existed and functioned on mobile devices. The earliest recorded mobile malware was called Cabir. It was released in 2004 and was designed to infect [[Symbian]] OS platforms via a Bluetooth connection. It was essentially harmless, but nonetheless proved to the public that worms could be found on mobile devices.
+
Some training providers offer on-going training courses that are available in an on-line "any time" format. Others have regularly scheduled training that is the same time each month. Others have recurring training but are scheduled at various times throughout the year. Providers training courses should be listed in alphabetical order, and should be listed in the appropriate section. Non-Commercial training is typically offered by governmental agencies or organizations that directly support law enforcement.  Tool Vendor training is training offered directly by a specific tool vendor, which may apply broadly, but generally is oriented to the vendor's specific tool (or tool suite).  Commercial Training is training offered by commercial companies which may or may not be oriented to a specific tool/tool suite, but is offered by a company other than a tool vendor.
  
== Recent Trends==
+
<i>Some training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
Since mobile devices usually contain private and valuable information, mobile malware has recently began moving toward having a specific purpose (usually exploiting information) as opposed to viruses created solely for bragging rights.
+
== On-going / Continuous Training ==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="20%"|Date/Location
 +
! width="40%"|Website
 +
|-
 +
|- style="background:pink;align:left"
 +
! DISTANCE LEARNING
 +
|-
 +
|Basic Computer Examiner Course - Computer Forensic Training Online
 +
|Distance Learning Format
 +
|http://www.cftco.com
 +
|-
 +
|SANS On-Demand Training
 +
|Distance Learning Format
 +
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
 +
|-
 +
|Champlain College - CCE Course
 +
|Online / Distance Learning Format
 +
|http://online.champlain.edu/computer-forensics-digital-investigation/CFDI_440
 +
|-
 +
|National Center for Media Forensics
 +
|Distance and Concentrated Audio/Video/Image Forensics
 +
|http://cam.ucdenver.edu/ncmf
 +
|-
 +
|- style="background:pink;align:left"
 +
!RECURRING TRAINING
 +
|-
 +
|Evidence Recovery for Windows 7&reg; operating system;
 +
|First full week every month<br>Brunswick, GA
 +
|http://www.internetcrimes.net
 +
|-
 +
|Evidence Recovery for Windows 8&reg;
 +
|Second full week every month<br>Brunswick, GA
 +
|http://www.internetcrimes.net
 +
|-
 +
|Evidence Recovery for Windows Server&reg; 2008 and 2012
 +
|Third full week every month<br>Brunswick, GA
 +
|http://www.internetcrimes.net
 +
|-
 +
|}
  
== Attack Types ==
+
==Non-Commercial Training==
=== Bluetooth ===
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
Attacks via [[Bluetooth]] have the ability to infect any phone with Bluetooth capabilities and can even exploit feature phones. These proximity-based attacks use the local Bluetooth network, usually in a crowded area, to send unwarranted requests to phones. Since Bluetooth can be used to transmit files, malicious executables can be sent across the network to everybody that accepts the request and installs the software. Some of these attacks, such as the Cabir, are worms which send out the request from an infected phone without the user knowing, thus quickly spreading it from phone to phone. Protection from these attacks is simple - cell phone users should not leave Bluetooth on, and it if is left on, users should not accept requests from unknown connections.
+
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="40%"|Website
 +
! width="20%"|Limitation
 +
|-
 +
|Defense Cyber Investigations Training Academy (DCITA)
 +
|http://www.dc3.mil/dcita/dcitaAbout.php
 +
|Limited To Certain Roles within US Government Agencies[http://www.dc3.mil/dcita/dcitaRegistration.php (1)]
 +
|-
 +
|Federal Law Enforcement Training Center
 +
|http://www.fletc.gov/training/programs/technical-operations-division
 +
|Limited To Law Enforcement
 +
|-
 +
|MSU National Forensics Training Center
 +
|http://www.security.cse.msstate.edu/ftc
 +
|Limited To Law Enforcement
 +
|-
 +
|IACIS
 +
|http://www.iacis.com/training/course_listings
 +
|Limited To Law Enforcement and Affiliate Members of IACIS
 +
|-
 +
|SEARCH
 +
|http://www.search.org/programs/hightech/courses/
 +
|Limited To Law Enforcement
 +
|-
 +
|National White Collar Crime Center
 +
|http://www.nw3c.org/training
 +
|Limited To Law Enforcement
 +
|-
 +
|}
  
=== Application Marketplace ===
+
==Tool Vendor Training==
Malicious software can be installed via application marketplaces. For example, according to webroot.com, applications disguised as Angry Birds level unlockers were available in the Android Market. Once installed, the creator had access to precious information such as browsing history, bookmarks, etc. The application also contacted a remote server that gave the phone instructions for downloading additional malware.
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="40%"|Website
 +
! width="20%"|Limitation
 +
|-
 +
|AccessData (Forensic Tool Kit FTK)
 +
|http://accessdata.com/training
 +
|-
 +
|ASR Data (SMART)
 +
|http://www.asrdata.com/forensic-training/overview/
 +
|-
 +
|ATC-NY (P2P Marshal, Mac Marshal)
 +
|http://p2pmarshal.atc-nycorp.com/index.php/training http://macmarshal.atc-nycorp.com/index.php/training
 +
|-
 +
|BlackBag Technologies (Mac Forensic Tools- BlackLight and SoftBlock)
 +
|https://www.blackbagtech.com/training.html
 +
|-
 +
|Cellebrite (UFED)
 +
|http://www.cellebrite.com/mobile-forensic-training.html
 +
|-
 +
|CPR Tools (Data Recovery)
 +
|http://www.cprtools.net/training.php
 +
|-
 +
|Digital Intelligence (FRED Forensics Platform)
 +
|http://www.digitalintelligence.com/forensictraining.php
 +
|-
 +
|e-fense, Inc. (Helix3 Pro)
 +
|http://www.e-fense.com/training/index.php
 +
|-
 +
|Forward Discovery (Cellebrite, EnCase, Mac Forensics)
 +
|http://www.forwarddiscovery.com/training
 +
|-
 +
|Guidance Software (EnCase)
 +
|http://www.guidancesoftware.com/computer-forensics-training-courses.htm
 +
|-
 +
|Micro Systemation (XRY)
 +
|http://www.msab.com/training/schedule
 +
|-
 +
|Nuix (eDiscovery)
 +
|http://www.nuix.com.au/training
 +
|-
 +
|Paraben (Paraben Suite)
 +
|http://www.paraben-training.com/schedule.html
 +
|-
 +
|Software Analysis & Forensic Engineering (CodeSuite)
 +
|http://www.safe-corp.biz/training.htm
 +
|-
 +
|Technology Pathways(ProDiscover)
 +
|http://www.techpathways.com/DesktopDefault.aspx?tabindex=6&tabid=9
 +
|-
 +
|Volatility Labs (Volatility Framework)
 +
|http://volatility-labs.blogspot.com/search/label/training
 +
|-
 +
|WetStone Technologies (Gargoyle, Stego Suite, LiveWire Investigator)
 +
|https://www.wetstonetech.com/trainings.html
 +
|-
 +
|X-Ways Forensics (X-Ways Forensics)
 +
|http://www.x-ways.net/training/
 +
|-
 +
|}
  
To protect against this kind of attack, users can judge the legitimacy of the application with a few simple guidelines. Applications that require a lot of permissions for no apparent reason should be avoided. Also, the credibility of a publisher can easily be researched if the user is unsure.
+
==Commercial Training (Non-Tool Vendor)==
 
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
=== WiFi ===
+
|- style="background:#bfbfbf; font-weight: bold"
Information can be stolen from devices when they are connected to public [[WiFi]] hotspots. Users should not do banking, shopping, or other tasks that expose personal information while connected to unsecured networks. This is not an issue unique to mobile devices, but because of the nature of mobile devices, they are more likely to be used in public places on these networks.
+
! width="40%"|Title
 
+
! width="40%"|Website
=== SMS ===
+
! width="20%"|Limitation
[[SMS]] attacks are generally similar to each other. Malicious software is installed on the phone by some means which continually sends unnoticed text messages from the user's phone to premium numbers which creates charges on the user's account. According to Kaspersky Labs, the SMS-Trojan was first discovered for the Android operating system in early 2011. The news report says, "The Trojan-SMS category is currently the most widespread class of malware for mobile phones, but Trojan-SMS.AndroidOS.FakePlayer.a is the first to specifically target the Android platform." To protect against these attacks, users should be cautious of what applications are installed on their devices and who the creators of the applications are.
+
|-
 
+
|Applied Security (Digital Forensics Training)
SMS attacks can also simply be spam messages with links to malicious sites. The problem with this type of attack is that it must target specific phones in order to execute scripts that are compatible.
+
|http://www.appliedsec.com/forensics/training.html
 
+
|-
=== QR Codes ===
+
|BerlaCorp iOS and GPS Forensics Training
Because [[QR Codes]] are completely obfuscated by nature, they provide the means of taking curious smartphone users to malicious web sites. There are three ways QR codes can be maliciously presented to a user. The first method is placing a QR code by itself with no explanation or context, causing some people to get curious and scan it. The second way of getting people to scan the code is to place a stamp or sticker over an existing one so that it is disguised as a harmless QR code. The third way of presenting malicious codes to the public would be digitally through email.
+
|http://www.berlacorp.com/training.html
 
+
|-
QR Code attacks work by taking the person that scans it to a website that performs malicious activities. For example, according to darkreading.com, a QR code that is distributed to target iOS devices might navigate the web browser to a site that will jailbreak the phone and then install malware on it once the built in security can be altered.
+
|Computer Forensic Training Center Online (CFTCO)
 
+
|http://www.cftco.com/
To protect against these attacks, smartphone users should only scan QR codes with software that allow them to confirm the action the code elicits.
+
|-
 
+
|CCE Bootcamp
== External Links and Resources==
+
|http://www.cce-bootcamp.com/
[http://safeandsavvy.f-secure.com/2011/06/14/a-quick-guide-to-mobile-malware-part-1-2/ A Quick Guide To Mobile Malware]
+
|-
 
+
|Cyber Security Academy
[http://www.cs.berkeley.edu/~afelt/mobilemalware.pdf A Survey of Mobile Malware in the Wild]
+
|http://www.cybersecurityacademy.com/
 
+
|-
[http://www.readwriteweb.com/archives/6_mobile_malware_predictions_for_2012.php 6 Mobile Malware Trends for 2012]
+
|Dera Forensics Group
 
+
|http://www.deraforensicgroup.com/courses.htm
[http://en.wikipedia.org/wiki/Mobile_virus Wikipedia entry regarding mobile malware]
+
|-
 
+
|e-fense Training
[http://www.darkreading.com/mobile-security/167901113/security/news/232301147/qr-code-malware-picks-up-steam.html QR Code Malware Picks Up Steam]
+
|http://www.e-fense.com/training/index.php
 
+
|-
[http://www.kaspersky.com/about/news/virus/2010/First_SMS_Trojan_detected_for_smartphones_running_Android First SMS Trojan Detected for Smartphones Running Android]
+
|Forward Discovery, Inc.
 
+
|http://www.forwarddiscovery.com
[http://blog.webroot.com/2011/06/10/android-plankton-angry-birds-cheating-malware-contains-bot-like-code/ Android Malware Contains Bot Like Code]
+
|-
 
+
|H-11 Digital Forensics
== Mailinglists ==
+
|http://www.h11-digital-forensics.com/training/viewclasses.php
 
+
|-
* [http://groups.google.com/group/mobilemalware mobile.malware Google Group]
+
|High Tech Crime Institute
 +
|http://www.gohtci.com
 +
|-
 +
|Infosec Institute
 +
|http://www.infosecinstitute.com/courses/security_training_courses.html
 +
|-
 +
|Intense School (a subsidiary of Infosec Institute)
 +
|http://www.intenseschool.com/schedules
 +
|-
 +
|MD5 Group (Computer Forensics and E-Discovery courses)(Dallas, TX)
 +
|http://www.md5group.com
 +
|-
 +
|Mile 2 (Security and Forensics Certification Training)
 +
|https://www.mile2.com/mile2-online-estore/classess.html
 +
|-
 +
|Mobile Forensics, Inc
 +
|http://mobileforensicsinc.com/
 +
|-
 +
|NetSecurity
 +
|http://www.netsecurity.com/training/registration_schedule.html
 +
|-
 +
|NID Forensics Academy (Certified Digital Forensic Investigator - CDFI Program)
 +
|http://www.nidforensics.com.br/
 +
|-
 +
|NTI (an Armor Forensics Company) APPEARS DEFUNCT
 +
|http://www.forensics-intl.com/training.html
 +
|-
 +
|Security University
 +
|http://www.securityuniversity.net/classes.php
 +
|-
 +
|Steganography Analysis and Research Center (SARC)
 +
|http://www.sarc-wv.com/training
 +
|-
 +
|Sumuri, LLC - Mac, Mobile, iLook Training
 +
|http://www.sumuri.com/
 +
|-
 +
|SysAdmin, Audit, Network, Security Institute (SANS)
 +
|http://computer-forensics.sans.org/courses/
 +
|-
 +
|Teel Technologies Mobile Device Forensics Training
 +
|http://www.teeltech.com/tt3/training.asp
 +
|-
 +
|viaForensics Advanced Mobile Forensics Training
 +
|http://viaforensics.com/education/calendar/
 +
|-
 +
|Zeidman Consulting (MCLE)
 +
|http://www.zeidmanconsulting.com/speaking.htm
 +
|-
 +
|}

Latest revision as of 14:25, 13 June 2014

This is the list of Training Providers, who offer training courses of interest to practitioners and researchers in the field of Digital Forensics. Conferences which may include training are located on the Upcoming_events page.

PLEASE READ BEFORE YOU EDIT THE LIST BELOW
Some training providers offer on-going training courses that are available in an on-line "any time" format. Others have regularly scheduled training that is the same time each month. Others have recurring training but are scheduled at various times throughout the year. Providers training courses should be listed in alphabetical order, and should be listed in the appropriate section. Non-Commercial training is typically offered by governmental agencies or organizations that directly support law enforcement. Tool Vendor training is training offered directly by a specific tool vendor, which may apply broadly, but generally is oriented to the vendor's specific tool (or tool suite). Commercial Training is training offered by commercial companies which may or may not be oriented to a specific tool/tool suite, but is offered by a company other than a tool vendor.

Some training opportunities may be limited to Law Enforcement Only or to a specific audience. Such restrictions should be noted when known.

On-going / Continuous Training

Title Date/Location Website
DISTANCE LEARNING
Basic Computer Examiner Course - Computer Forensic Training Online Distance Learning Format http://www.cftco.com
SANS On-Demand Training Distance Learning Format http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
Champlain College - CCE Course Online / Distance Learning Format http://online.champlain.edu/computer-forensics-digital-investigation/CFDI_440
National Center for Media Forensics Distance and Concentrated Audio/Video/Image Forensics http://cam.ucdenver.edu/ncmf
RECURRING TRAINING
Evidence Recovery for Windows 7® operating system; First full week every month
Brunswick, GA
http://www.internetcrimes.net
Evidence Recovery for Windows 8® Second full week every month
Brunswick, GA
http://www.internetcrimes.net
Evidence Recovery for Windows Server® 2008 and 2012 Third full week every month
Brunswick, GA
http://www.internetcrimes.net

Non-Commercial Training

Title Website Limitation
Defense Cyber Investigations Training Academy (DCITA) http://www.dc3.mil/dcita/dcitaAbout.php Limited To Certain Roles within US Government Agencies(1)
Federal Law Enforcement Training Center http://www.fletc.gov/training/programs/technical-operations-division Limited To Law Enforcement
MSU National Forensics Training Center http://www.security.cse.msstate.edu/ftc Limited To Law Enforcement
IACIS http://www.iacis.com/training/course_listings Limited To Law Enforcement and Affiliate Members of IACIS
SEARCH http://www.search.org/programs/hightech/courses/ Limited To Law Enforcement
National White Collar Crime Center http://www.nw3c.org/training Limited To Law Enforcement

Tool Vendor Training

Title Website Limitation
AccessData (Forensic Tool Kit FTK) http://accessdata.com/training
ASR Data (SMART) http://www.asrdata.com/forensic-training/overview/
ATC-NY (P2P Marshal, Mac Marshal) http://p2pmarshal.atc-nycorp.com/index.php/training http://macmarshal.atc-nycorp.com/index.php/training
BlackBag Technologies (Mac Forensic Tools- BlackLight and SoftBlock) https://www.blackbagtech.com/training.html
Cellebrite (UFED) http://www.cellebrite.com/mobile-forensic-training.html
CPR Tools (Data Recovery) http://www.cprtools.net/training.php
Digital Intelligence (FRED Forensics Platform) http://www.digitalintelligence.com/forensictraining.php
e-fense, Inc. (Helix3 Pro) http://www.e-fense.com/training/index.php
Forward Discovery (Cellebrite, EnCase, Mac Forensics) http://www.forwarddiscovery.com/training
Guidance Software (EnCase) http://www.guidancesoftware.com/computer-forensics-training-courses.htm
Micro Systemation (XRY) http://www.msab.com/training/schedule
Nuix (eDiscovery) http://www.nuix.com.au/training
Paraben (Paraben Suite) http://www.paraben-training.com/schedule.html
Software Analysis & Forensic Engineering (CodeSuite) http://www.safe-corp.biz/training.htm
Technology Pathways(ProDiscover) http://www.techpathways.com/DesktopDefault.aspx?tabindex=6&tabid=9
Volatility Labs (Volatility Framework) http://volatility-labs.blogspot.com/search/label/training
WetStone Technologies (Gargoyle, Stego Suite, LiveWire Investigator) https://www.wetstonetech.com/trainings.html
X-Ways Forensics (X-Ways Forensics) http://www.x-ways.net/training/

Commercial Training (Non-Tool Vendor)

Title Website Limitation
Applied Security (Digital Forensics Training) http://www.appliedsec.com/forensics/training.html
BerlaCorp iOS and GPS Forensics Training http://www.berlacorp.com/training.html
Computer Forensic Training Center Online (CFTCO) http://www.cftco.com/
CCE Bootcamp http://www.cce-bootcamp.com/
Cyber Security Academy http://www.cybersecurityacademy.com/
Dera Forensics Group http://www.deraforensicgroup.com/courses.htm
e-fense Training http://www.e-fense.com/training/index.php
Forward Discovery, Inc. http://www.forwarddiscovery.com
H-11 Digital Forensics http://www.h11-digital-forensics.com/training/viewclasses.php
High Tech Crime Institute http://www.gohtci.com
Infosec Institute http://www.infosecinstitute.com/courses/security_training_courses.html
Intense School (a subsidiary of Infosec Institute) http://www.intenseschool.com/schedules
MD5 Group (Computer Forensics and E-Discovery courses)(Dallas, TX) http://www.md5group.com
Mile 2 (Security and Forensics Certification Training) https://www.mile2.com/mile2-online-estore/classess.html
Mobile Forensics, Inc http://mobileforensicsinc.com/
NetSecurity http://www.netsecurity.com/training/registration_schedule.html
NID Forensics Academy (Certified Digital Forensic Investigator - CDFI Program) http://www.nidforensics.com.br/
NTI (an Armor Forensics Company) APPEARS DEFUNCT http://www.forensics-intl.com/training.html
Security University http://www.securityuniversity.net/classes.php
Steganography Analysis and Research Center (SARC) http://www.sarc-wv.com/training
Sumuri, LLC - Mac, Mobile, iLook Training http://www.sumuri.com/
SysAdmin, Audit, Network, Security Institute (SANS) http://computer-forensics.sans.org/courses/
Teel Technologies Mobile Device Forensics Training http://www.teeltech.com/tt3/training.asp
viaForensics Advanced Mobile Forensics Training http://viaforensics.com/education/calendar/
Zeidman Consulting (MCLE) http://www.zeidmanconsulting.com/speaking.htm