This week, I completed Hexordia’s Mobile Data Structures course led by Kim Bradley. Kim’s expertise in DFIR is shown through her educational, personable, and humorous teaching style. The interactive Zoom sessions, with polls to gauge our readiness, were user-friendly and non-intrusive. With a small class size of under ten students, the course was tailored to our needs, allowing for focused discussions and reinforced learning.

I have completed numerous DFIR courses, including the majority of (if not all of) Hexordia’s free courses. One common challenge in the DFIR field, particularly with instructor-led courses, is finding the right balance between the time invested and the financial cost.

One standout course that I found immensely valuable is Mobile Data Structures. This course effectively combines the content of four separate courses into one comprehensive eight-hour session, maximizing the learning experience.

• HEX-310 SQLite Analysis
• HEX-320 PList Forensics
• HEX-340 LevelDB Forensics
• HEX-360 Protocol Buffer (Protobuf) Analysis

If you are active in the DFIR field, you understand the critical importance of these data points and the value of manually reviewing data. This course covers these crucial areas excellently. It provides thorough overviews, instructor-led walkthroughs, checks on learning, and hands-on tasks. As a hands-on learner, I found the tasks highly beneficial for building confidence in parsing and reviewing unique data sets.

While I already had a strong background in crafting complex SQL queries, this experience offered fresh perspectives and new techniques that I hadn’t previously considered. My prior knowledge of PLists, LevelDB, and Protobufs laid a solid foundation, but Hexordia’s approach to breaking down and analyzing these data structures provided invaluable insights. The course not only reinforced my existing expertise but also introduced me to different methodologies for parsing and analyzing data, which I can now apply more effectively in my work.

Even before starting the course, Hexordia provides resources to complete their course prerequisites, downloading specific items within a toolbox of open-source tools. Hexordia is not a vendor specific course so while they highlight data supported by commercially available digital forensic software, they also provide these great open-source options to decode, deserialize, parse, and recover data outside any one named software. In addition to the tool resources the actual data sets are available ahead of starting the course as well – something I have found to be extremely rare as courses go. Lastly, their site provides easy to follow walkthroughs for some of the tools which are helpful when using something new for the first time.

The only word of warning I would have for those interested in this course is to have a familiarity with Python. At the very least launching the Command Prompt to subsequently launch scripts, applications, and tools. However, if you are interested in this course and the concept of Python has started to scare you off, trust in Kim Bradley, Jessica Hyde, and everyone at Hexordia to provide support.

If you’re looking to elevate your expertise in digital forensics, focusing on crucial areas like SQLite, PLists, LevelDB, and Protobufs, Hexordia’s Mobile Data Structures course is essential. This comprehensive course offers hands-on tasks and expert guidance, providing a valuable asset for your DFIR progression. Enhance your forensic skills today with Hexordia’s Mobile Data Structures course—it’s the next step in your journey.