Friday, February 15, 2019

GIAC Launches New Certification for Advanced Smartphone Forensics, GASF


The new GIAC Advanced Smartphone Forensics (GASF) certification is for professionals who want to demonstrate that they are qualified to perform forensic examinations on devices such as mobile phones and tablets. Candidates are required to demonstrate an understanding of the fundamentals of mobile forensics, device file system analysis, mobile application behavior, event artifact analysis, and the identification and analysis of mobile device malware. Get certified in GIAC Advanced Smartphone Forensics.

Successful GASF candidates will demonstrate an advanced understanding, and application, of core smartphone forensic analysis concepts and techniques to extract artifacts from mobile devices and their components. Certified individuals will be able to leverage tools, scripts and decoding techniques to parse data and determine how the artifact was placed on the device and how it pertains to the investigation.

"The new GASF is the first smartphone forensic certification that focuses on analysis and not just tool acquisition provided by commercial vendors. This certification shows that individuals not only understand how to leverage tools to acquire and triage data, but understand how the data was placed on the device, how to parse the data when the commercial tool cannot support it and most importantly what the artifact represents," stated Heather Mahalik, co-author of SANS training course FOR585: Advanced Smartphone Forensics.

This certification is not associated with any mobile forensics vendor or tool, making it the only vendor-agnostic mobile forensic certification in the industry. For help with registering for the GASF certification exam.

About GIAC


Global Information Assurance Certification (GIAC) is a certification body featuring over 30 hands-on, technical certifications in information security. GIAC has certified over 85,000 IT security professionals since it was founded in 1999. Eleven GIAC certifications are accredited under the IEC/ISO/ANSI 17024 quality standard for certifying bodies.




Tuesday, December 4, 2018

GIAC Launches New Certification for Python Coders, GPYC


The new GIAC Python Code certification is targeted toward penetration testers and information security professionals who want to use the Python programming language to enhance their effectiveness during information security engagements or projects. It is also helpful for experienced Python developers who want to build additional information security skills. Get certified in Python code: www.giac.org/u/hjF

Successful GPYC candidates will demonstrate an understanding of core programming concepts, and the ability to write and analyze working code using the Python programming language. They will be familiar with several common Python libraries, and be able to use that functionality in their programs.

"The security industry is evolving. The constant development of malware and new attack techniques means that security professionals must be able to rapidly develop tools to respond to these new threats. Likewise, penetration testers can no longer wait for someone else to develop the tools they need and must know how to develop their own tools. Employers need to know that their prospective new-hires have the ability to leverage Python to develop those tools. Now, the GPYC exam provides the ability to identify people who really have the skills that meet the needs of prospective employers," said Mark Baggett, author of SANS training course SEC573: Python for Penetration Testers.

GPYC certified professionals will be able to demonstrate the following:

  • Ability to create and modify custom tools makes them a valuable member of any information security team
  • Code developers with information security skills can:
      1. Customize tools to their environment
      2. Develop tools for the information security community
      3. Increase productivity by automating previously manual tasks
      4. Simulate advanced attacks and more
  • Specialized focus on skills and techniques that will assist an InfoSec pro in penetration tests, daily work, and special projects
  • Develop Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logs or sets of data

About GIAC

Global Information Assurance Certification (GIAC) is a certification body featuring over 30 hands-on, technical certifications in information security. GIAC has certified over 50,000 IT security professionals since it was founded in 1999. Eleven GIAC certifications are accredited under the IEC/ISO/ANSI 17024 quality standard for certifying bodies.

Monday, November 26, 2018

How to build an Android application testing toolbox


Mobile devices hold a trove of data that could be crucial to criminal cases, and they also can play a key role in accident reconstructions, IP theft investigations and more. It's not just investigators who care about examining a mobile device — so do those interested in application research and data, and enterprises that rely on smartphones and tablets to perform work tasks, engage with customers and deliver new services.

Effectively accessing and testing smartphones requires an optimal application toolbox, and the chops to use it. Listen to this webinar that details how to build your Android application testing toolbox to ensure you're set up to successfully access and examine the information you need from Android mobile phones.

GIAC instructor Domenica Crognale, who is one of the course co-authors of GIAC FOR585: Advanced Smart Phone Forensics, and who teaches the course as well, details why testing of mobile phone applications is critical — especially given the fact that Android apps change weekly and even daily. It is becoming more common for application developers to restrict very important user artifacts from being accessed from these Android devices. This most often includes the SQLite databases, which likely contain the information that examiners are after. It's not just commercially available applications you have to consider. Often, custom-built apps aren't parsed by commercial tools, so you'll need to know how to access and parse any data stored on the device.

During the webinar, Domenica talks about the importance of rooting Android devices as well as ways to access and parse the data. She explains how to do this using utilities that exist on the SIFT workstation or that can be downloaded for free from the GIAC website.

This webcast explores topics such as:


1) Choosing the best test device


During a forensics acquisition, many tools will apply a soft root onto the phone that is then removed once the data is obtained. But a full physical acquisition is not always necessary for application testing. Ideally, we want a test phone that is always rooted, whether or not the device loses power, because the root basically unlocks access to the core of the device's operating system so you can access, add, remove or tweak anything inside the phone.

2) Rooting your Android


During the webinar, Domenica walks through a demo of a root and how to locate the root, and shares information on free and publicly available root tools.

3) Utilizing File Browsers for quick file/folder access



Sometimes a file browser is all you really need to get to the data you're after. Domenica shares her favorite third-party applications for accessing the file system.

4) Examining application directories of interest


Once you have access to the files you need, utilize tools available on the SIFT workstation to view the contents of SQLite databases.