Introduction to Forensics of Mobile Devices, Identification of Spyware and Documentation of Digital Threats with a Human Rights and Gender Perspective

Due to high demand, we have closed registration. If you are interested in having access to the recordings of this course or participating in future editions, please send an email to alexandra @

This online course announcement is labelled as TLP:GREEN = Limited disclosure, recipients can spread this within their community. Recipients may share TLP:GREEN information with peers and partner organizations within their community, but not via publicly accessible channels

Agenda & Contents

Friday, 23 June 2023 from 13:00 – 15:00 UTC Time

This session will review and discuss how civil society organizations have used computer forensics to protect human rights. It will present different practices, techniques and methodologies used in the field and underline their main purpose and outcomes.

Facilitators: Jacobo Nájera + Tes.

Language: Spanish with translation to English.

Friday, 21 July 2023 from 13:00 – 15:00 UTC Time

This session will cover the topic of cyberviolence and surveillance in intimate partner violence. It will introduce the different types of threats and available knowledge (or lack thereof), and current solutions. The solutions will encompass methodologies and technical solutions for supporting survivors of domestic violence and GBVO.

Facilitator: Etienne Maynier.

Language: English with translation to Spanish.

Friday, 04 August 2023 from 13:00 – 15:00 PM UTC Time

This session will provide a baseline of technical concepts useful for next sessions. The questions that will be addressed are: What is an Operating System? What happen when I run a program? How access control of my data is achieved? Why hashes are so important in Forensics? How my computer knows were to find the webpage I am looking for?

Facilitators: Gia + Tes

Language: Spanish with translation to English.

Friday, 25 August 2023 from 13:00 – 15:00 PM UTC Time

This session will focus on threat intelligence applied to infrastructures. Guided by practical examples we will investigate domains, IP addresses, SSL certificates, DNS, vulnerabilities databases, threat databases and anomalous behaviour that might indicate that certain infrastructure is behind the malicious activity.

Facilitators: Carl + Marla + Tes.

Language: English with translation to Spanish and Spanish with translation to English.

Friday, 8 Sept 2023 from 13:00 – 15:00 PM UTC Time

This session is an introduction to Android forensics methodology with a hands-on component. The course will introduce the Android architecture broadly with a focus on data storage and the specific challenges of the Android ecosystem (diversity of hardware models, manufacturers), data acquisition strategies (physical & logical extraction), and forensic analysis of artifacts.

Facilitators: Carl + Marla + Tes.

Language: English with translation to Spanish.

Friday, 22 September from 13:00 – 15:00 UTC Time

This session looks at describing the process of identification and analysis of potentially malicious Android applications, from gathering the binary to its analysis by using offline and/or online tools. This session can lead to two other sessions dealing with static and dynamic analysis.

Facilitators: Esther Onfroy.

Language: English with translation to Spanish.

Friday, 06 October from 13:00 – 15:00 UTC Time

This session looks at presenting the setup of a lab meant to capture mobile device network traffic without modifying the device. We will see the different tools that already exist purposely designed for both traffic capture and analysis.

Facilitators: Esther Onfroy.

Language: English with translation to Spanish.

Friday, 10 November from 13:00 – 15:00 UTC Time

This session will discuss and present different methodologies and tools that can be used for documenting digital threats and GBVO in order to use for building legal cases.

Facilitators: Carl + Marla + Esther Onfroy

Language: English with translation to Spanish.

Who can register for the online course?

This online course is oriented to participants of the RaReNet, CiviCERT, feminist helplines and regional rapid responders networks. This is an introductory course planned for a diversity of profiles such as rapid responders, digital security trainers, incident handlers for digital security help desks or feminist helplines or tech-savvy activists who want to better understand how they can analyse digital threats. It can also be relevant for activists, human rights defenders, and civil society organisations that want to learn about digital forensics with a human rights and gender perspective.

Learning Outcomes

  • Skills – Participants will understand:
    • Smartphone and Android forensics basics.
    • Practical methodologies to look for phones of potential victims of surveillance.
    • The right tools to use depending on the confidentiality and criticality of the case.
    • How to conduct a physical & logical extraction over rooted & non-rooted Android devices.
    • What information is essential to gather in determining the potential maliciousness of an app.
    • How to investigate if an infrastructure is malicious or not.
  • Knowledge – Participants will learn:
    • About forensics with a Human Rights perspective.
    • About GBVO and intimate partner violence.
    • To make an informed decision on how to approach a mobile forensic analysis (for instance how to decide on a data acquisition & analysis strategy based on physical access, privileges and motivation).
    • That behind every threat there is an Infrastructure that can bring information about the actors behind digital threats.


Facilitators have a track record working on the topics included in the curricula and a proven trajectory working with a feminist and intersectional perspective.


Carl is part of Marialab, a feminist organization from Brazil that works with digital security for human rights defenders and social movements and other intersections of gender and technology, like feminist infrastructures and spaces of care. Marialab recently launched a digital security helpline called Maria D’ajuda and is establishing a threat lab to add digital forensics capabilities to the helpline.

Esther Onfroy

Expert in information security and reverse engineering, Esther aka U039b is a French hacktivist, lecturer and co-founder of Defensive Lab Agency, Exodus Privacy, PTS project, Pithus, Echap, La Résille. She fights against surveillance capitalism and has contributed to several investigations highlighting the illegal data collection by major digital actors. She helps journalists, academics and NGOs to better understand the issues of cybersecurity and surveillance on mobile devices.

Etienne Maynier

Etienne is a security researcher and activist. He has been investigating targeted digital surveillance against civil society for several years. He is a member of Echap, a non-profit organization based in France that aims at supporting women’s shelters to fight against surveillance in intimate partner violence.


Gia is an digital security consultant for journalists and activists. She wrote the cybersecurity chapter of the self-defense guide for FOPEA journalists, she was a trainer for GIJN’s JSAT tool in Spanish, also at the computer security workshop for union organizations organized by FES, among other trainings, representing 0xche, in which she conducts research on cybersecurity for civil society organizations in Latin America.

Jacobo Nájera

Jacobo is a technologist and researcher. He is interested in the relationships between technological crafts and communication rights. He has contributed applied research to the Privacy Anonymity Tools project at the National Autonomous University of Mexico, and the Stratosphere IPS lab at the Czech Technical University. He was awarded the Gabo 2019 journalism prize, under the category of innovation. Currently, he is a digital protection facilitator at Digital Defenders Partnership and a core contributor at The Tor Project.


Marla is a digital security researcher and transhacktivist from Brazil. She has been supporting human rights defenders by providing digital forensics in Rapid Response cases with funding from the Open Tech Fund. She is also a fellow in the Amnesty International Security Lab Digital Forensics Fellowship Program, conducting research on state-sponsored surveillance in Brazil. She currently co-coordinates MariaLab’s threat lab.


Tes is a mobile security researcher & hacktivist from Argentina. She is part of a horizontal collective of hackers by the name 0xche, an organization that conducts research and security assessments for civic society organizations.


  • People can register to attend only some of the sessions or they can register to attend all of them.
  • The different sessions will take place on a Big Blue Button Platform. Links for connecting will only be shared with registered participants.
  • Sessions will be delivered in English or Spanish and there will be a simultaneous translation by professional translators.
  • Each session will be documented and documentation will be shared with registered participants.
  • Some sessions will suggest hands-on exercises that registered participants can achieve on their own in order to test their skills and knowledge on the topic.


If you have any comments, questions or doubts about this online course please email: alexandra at digitaldefenders dot org