homepage
Menu
Open menu
  • Training
    Go one level top Back

    Training

    • Courses

      Build cyber prowess with training from renowned experts

    • Hands-On Simulations

      Hands-on learning exercises keep you at the top of your cyber game

    • Certifications

      Demonstrate cybersecurity expertise with GIAC certifications

    • Ways to Train

      Multiple training options to best fit your schedule and preferred learning style

    • Training Events & Summits

      Expert-led training at locations around the world

    • Free Training Events

      Upcoming workshops, webinars and local events

    • Security Awareness

      Harden enterprise security with end-user and role-based training

    Featured: Solutions for Emerging Risks

    Discover tailored resources that translate emerging threats into actionable strategies

    Risk-Based Solutions

    Can't find what you are looking for?

    Let us help.
    Contact us
  • Learning Paths
    Go one level top Back

    Learning Paths

    • By Focus Area

      Chart your path to job-specific training courses

    • By NICE Framework

      Navigate cybersecurity training through NICE framework roles

    • DoDD 8140 Work Roles

      US DoD 8140 Directive Frameworks

    • By European Skills Framework

      Align your enterprise cyber skills with ECSF profiles

    • By Skills Roadmap

      Find the right training path based on critical skills

    • New to Cyber

      Give your cybersecurity career the right foundation for success

    • Leadership

      Training designed to help security leaders reduce organizational risk

    • Degree and Certificate Programs

      Gain the skills, certifications, and confidence to launch or advance your cybersecurity career.

    Featured

    New to Cyber resources

    Start your career
  • Community Resources
    Go one level top Back

    Community Resources

    Watch & Listen

    • Webinars
    • Live Streams
    • Podcasts

    Read

    • Blog
    • Newsletters
    • White Papers
    • Internet Storm Center

    Download

    • Open Source Tools
    • Posters & Cheat Sheets
    • Policy Templates
    • Summit Presentations
    • SANS Community Benefits

      Connect, learn, and share with other cybersecurity professionals

    • CISO Network

      Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

  • For Organizations
    Go one level top Back

    For Organizations

    Team Development

    • Why Partner with SANS
    • Group Purchasing
    • Skills & Talent Assessments
    • Private & Custom Training

    Leadership Development

    • Leadership Courses & Accreditation
    • Executive Cybersecurity Exercises
    • CISO Network

    Security Awareness

    • End-User Training
    • Phishing Simulation
    • Specialized Role-Based Training
    • Risk Assessments
    • Public Sector Partnerships

      Explore industry-specific programming and customized training solutions

    • Sponsorship Opportunities

      Sponsor a SANS event or research paper

    Interested in developing a training plan to fit your organization’s needs?

    We're here to help.
    Contact us
  • Talk with an expert
  • Log In
  • Join - it's free
  • Account
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Quick Look - Cellebrite UFED Using Extract Phone Data & File System Dump
Paul Henry

Quick Look - Cellebrite UFED Using Extract Phone Data & File System Dump

September 22, 2010

It is not the intent of this blog post to be an all-encompassing guide to the forensic analysis of an iPhone. Rather it is a look at some of the tools I use in my practice and how they can be applied to iPhone forensic analysis. That being said, let's get to it.

Why would you use the Cellebrite File System Dump instead of the traditional Extract Phone Data ?

If the subject of your forensic analysis is collecting information regarding the telephone such as call logs, phone book, SMS, pictures, video and audio/music then you will find what you need using the standard Cellebrite processing found under "Extract Phone Data". However if you want to do a deep dive in to the file structure, Internet usage or look deep in to the applications that are being used on the device and perhaps run some of your "favorite forensic tools" against it, I highly recommend complimenting your traditional Extract Phone Data analysis by also doing the File System Dump.

For the purposes of my testing for this blog post I am performing a forensic analysis on a 16 GB iPhone 3G Version 4.02.

Let me begin by noting that I am running a Cellebrite UFED with the Physical Analysis Option.

Version information is as follows

UFED Software Versions:

  • App: 1.1.4.7 UFED
  • Full: 1.0.2.4 UF
  • Tiny: 1.0.2.1
  • Reporter Version 1.8.280710
  • Physical Analyzer version 1.9.0.5213

The UFED Physical currently supports 2455 different phones for standard processing and 1462 for physical processing. See highlights on the most current release below (Figure 1).

Figure-1-300x294.jpg
Figure 1

The previous version of the Cellebrite Report Manager was somewhat limited for use in my practice as it only ran on a Windows XP environment and my lab is predominantly Windows 7 x64 based. The new/current version 1.8.2 will now operate on a Windows 7 x64 machine. Further Cellebrite has recently released their Physical Analyzer software that works on Windows 7 x64 for both physical dump files and file system dump files.

Using The Cellebrite UFED "Extract Phone Data" Option

The Main Menu of the Cellebrite UFED offers several choices for collecting evidence from a mobile device:

  • Extract Phone Data
  • Extract SIM/USIM Data
  • Clone SIM ID
  • Physical Dump
  • File System Dump
  • Extract Passwords

For the initial part of my testing I wanted to see just what was available with the standard "Extract Phone Data" option.

Extract Phone Data -> Apple ->

Several options are available for Apple products:

  • iPad
  • iTouch
  • iPhone 2G/3G/3GS
  • iPhone 4

I chose the selection for the "iPhone 2G/3G/3GS"

Target selections include:

  • USB Flash Drive
  • SD Card
  • PC

I chose the "USB Flash Drive" for a 16 GB FAT 32 formatted USB drive

Options for Extraction are:

  • Call Logs
  • Phone Book
  • SMS
  • Pictures
  • Videos
  • Audio/Music

I selected all available options except audio for my test run and extraction was completed in around 8 minutes. I moved the USB stick over to a forensics workstation running the Cellebrite Report Manager and copied it to sanitized case drive and then opened the analysis file.

The file opened quickly and presented the following initial display in the Report Manager GUI. Phone Exam Properties (Figure 2) are provided in a tabular format and include the typical cell phone specific details that I would expect to be available with a mobile phone forensics product. On the left side bar of the page is an icon driven menu that also provides information (in total) on what was collected and or is available from the collection:

  • Contacts (2951)
  • SMS (2521)
  • Calendar (0)
  • Call Log (100)
  • Images (7)
  • Audio (0)
  • Video (0)
  • Ringtone (0)

Selecting the contacts icon brings up the contacts display (Figure 3), all available fields are displayed in the Report Manager "spreadsheet like" GUI. Selecting any column header will resort all of the listed information in either the ascending or descending order of the selected column. This can be very handy on a phone with many contacts.

Figure-3-300x213.jpg
Figure 3

The SMS message page is selected by clicking the SMS icon and is displayed in tabular format with details of each selected SMS message shown in a view at the bottom of the page (Figure 4). Note that the time stamps for each message are provided. As with other tabular pages in the Cellebrite Reporter software selecting any column header in the SMS display will resort all of the listed information in either the ascending or descending order of the selected column.

Figure-4-300x270.jpg
Figure 4

Viewing call information in the Cellebrite Report Manager is as simple as clicking the Call Log Icon in the menu area. All 100 of the last calls made/received on the iPhone are displayed in tabular format and include as expected the type of call incoming/outgoing, phone number, time/date as well as duration of each call (Figure 5). Note: on an iPhone, if a given number exists in the phonebook on the iPhone the contact name is also displayed in the call log details. As with other tabular pages in the Cellebrite Report Manager software selecting any column header in the Calls Log display will resort all of the listed information in either the ascending or descending order of the selected column.

Figure-5-209x300.jpg
Figure 5

The Image page is selected by simply clicking on the Images icon in the menu area. Images may include any image on the phone such as thumbnails from the SMS message display as well as a larger copy of the image stored on the iPhone that can be displayed by clicking on the smaller picture within the SMS display on the iPhone. Other images such as those taken with the iPhone internal camera are also extracted and made available in the images display (however they are not differentiated) by the Reporter software. Images are presented in a list view but you can choose an Icon or detailed view from the toolbar (Figure 6). In order to view the image you must click on the image name or icon and a Windows Photo Viewer window is opened to display the image. It is important to note that images that were deleted on the iPhone are not recovered and made available in this extraction and EXIF information is made available by right clicking on the image while it is being viewed in the Windows Photo Viewer.

Care should be taken in viewing and interpreting the EXIF data in the Windows Photo Viewer (Figure 7) as the data displayed in the Properties Window for Origin — Date Taken represents the time and date the photo was taken and the data provided under "File" contains the path to the image on the viewing workstation (not on the iPhone) and the file time stamps represent when the file was created/accessed in the extraction process — not the time the photo was taken.

Figure-6-218x300.jpg
Figure 6
Figure-7-219x300.jpg
Figure 7

Taking A Deeper Dive - Using The Cellebrite File System Dump Option

With today's more powerful mobile devices such as the Apple iPhone 3G collecting only the traditional "phone" data is simply not enough you need to do a deeper dive to perform a thorough forensic analysis.

The Main Menu of the Cellebrite UFED offers several choices for collecting evidence from a mobile device:

  • Extract Phone Data
  • Extract SIM/USIM Data
  • Clone SIM ID
  • Physical Dump
  • File System Dump
  • Extract Passwords

For the purposes of this test run I chose to select the creation of a "File System Dump" rather then just the traditional "Extract Phone Data".

On the UFED menu

File System Dump -> Apple ->

Several choices for Apple supported mobile devices include:

  • iPad
  • iPod Touch
  • iPhone 2G/3G/3GS
  • iPhone 4
  • iPod Nano 5G

I chose the selection for the "iPhone 2G/3G/3GS"

Target selections include:

  • USB Flash Drive
  • SD Card
  • PC

I chose the "USB Flash Drive" for a 16 GB FAT 32 formatted USB drive

The iPhone contained a large number of songs, a few videos, photos and 11 different applications — roughly 13.1 GB of data. The extraction took a little more then 14 hours to complete. The resulting extraction resulted in 12.4 GB being written to the USB stick.

I copied the folder from the USB stick to a forensics workstation and then selected the respective UFED Dump file (Figure 8). This automatically opened the archived files within the UFED Physical Analyzer (Figure 9) on my Windows 7×64 server.

Figure-9-300x256.jpg
Figure 9

Drilling down into what information is available within the Physical Analyzer software it literally opens a "treasure trove" of potential valuable evidence not found with the traditional "Extract Phone Data" option on the Cellebrite UFED. Selecting the available Hex data and drilling down in to the application folders I was able to not only find the application user names and passwords for several applications I also found the user's Skype chat conversations that are being stored on the iPhone — information simply not available using the traditional "Extract Phone Data Option".

The Cellebrite Physical Analyzer Itself Is Good But Other Tools Can Enhance Your Analysis

While examining the data in hex format within the Cellebrite Physical Analyzer software is interesting and some would perhaps believe to be "enough" I prefer the automation provided by tools like those found in the "SANS SIFT Workstation" for Windows to present the evidence in a more "forensicator friendly" manner.

Create A File Set For Analysis

From within the Cellebrite Physical Analyzer software Toolbar I chose to copy the extracted data out of the Physical Analyzer to a folder on my forensic server:

Tools -> Dump Filesystem

This created a folder set in the original iPhone hierarchy and enabled me to then copy them on to a USB stick for further analysis

Some Analysis Using The SANS SIFT Workstation With The Cellebrite Physical Analyzer

Knowing that I had found Skype related data in viewing the files in the hex display of the Physical Analyzer I decided to use the tool included in the SANS SIFT Workstation called "Skype Log Parser". Starting up SIFT and connecting the USB stick with the copied folders from the Cellebrite Physical Analyzer allowed me to quickly run the Skype Log Parser against the collected data resulting in a clean representation of the available data in a much easier to read format then simply viewing it in Hex. Here is just a sample of the evidence found using the SIFT Workstation and Skype Log Parser (Figure 10 — 13) when run against the data extracted from the Physical Analyzer files extracted with the UFED in File Dump Mode.

Figure-10-300x197.jpg
Figure 10
Figure-11-300x197.jpg
Figure 11
Figure-12-300x197.jpg
Figure 12
Figure-13-300x197.jpg
Figure 13

Having found the tools within the SIFT Workstation able to use the data extracted from the iPhone by Cellebrite was encouraging so I decided to try another available tool on my forensics server - "NetAnalysis" against the collected data to see if a representation of the iPhones Safari browser history was available and could be processed by Net Analysis from the data structures collected by the Cellebrite UFED. As expected the NetAnalysis software was able collect the browser history from the Cellebrite extracted data structures of the iPhone Safari browser (Figure 14).

Figure-14-300x187.jpg
Figure 14

Taking It Up A Notch - Using FTK 3.1 To Analyze The File Dump From The UFED — Physical Analyzer Export

I prefer to create an AD1 image of large amounts of data that will be part of a case in FTK 3.1 rather than simply add the individual files or folders directly in to an FTK case. To create the ADI image you simply use FTK Imager (Figure 15):

File -> Create Image -> Contents of a folder -> enter source path -> Finish

Add -> complete case information form -> Image destination -> Image name

With the available AD1 image you can now start FTK 3.1, create a new case and add the AD1 file you just created to the new case (Figure 16) and configure your evidence refinement options (Figure 17). These are not necessary, the optimum refinement options for an iPhone but were selected simply to process this example for this blog post.

Figure-16-300x143.jpg
Figure 16
Figure-17-300x250.jpg
Figure 17


The small size of the AD1 file is processed in minutes by FTK 3.1 and you are quickly presented with the FTK Explorer and evidence tree showing the complete file structure collected by the Cellebrite UFED File System Dump (Figure 18) from the iPhone. FTK 3.1 provides the ability to view plist files and some SQLite files. Further the index search is available to search the image for your selected keywords.

Figure-18-300x232.jpg
Figure 18

Under the Overview Tab select the plist extension to see the power of analysis using FTK on the UFED extracted iPhone file dump. The total number of plist files found on this iPhone are 176 and they contain a wealth of potential forensic evidence. Drilling down to the file named Bookmarks.plist we find that it contains potentially valuable data associated with the iPhone map application — complete data on a specific location saved as a bookmark in the map application (Figure 19). Other potentially valuable plist files would be the user's speed dial list (Figure 20), network identification plist (Figure 21) that contains valuable historical network connections details, several browser cookie plist files that reveal browser history details even if the user deleted browser history, just to name a few.

Figure-20-300x187.jpg
Figure 20

Figure-211-300x187.jpg
Figure 21
Figure-221-300x187.jpg
Figure 22

Other great potential forensic evidense can quickly be viewed using FTK and an external program such as SQLiteSpy to view the data contained within the many iPhone SQLite databases. Simply right click in the SQLite db file in the FTK tree view and select "view with external program -> SqliteSpy" (Figure 23) Here we have all of the notes the user of the iPhone stored with the Apple Notes application on the iPhone.

Figure-23-300x204.jpg
Figure 23

Another missing detail in using the Extract Phone Data is that it simply did not collect the calendar data from the iPhone. However the File System Dump does capture the SQL database associated with the user's calendar application. Right click on the CalendarSqlite.db and select "view with external program -> SQLiteSpy" to view the SQL database table containing the users calendar data. (Figure 24)

Figure-24-300x202.jpg
Figure 24

In conclusion: Clearly the File Dump option for the Cellebrite UFED Physical provides a wealth of potential forensics evidence for an Apple iPhone. The traditional Extract Phone Data option is significantly faster but simply can not be regarded as a thorough analysis of an Apple iPhone because of the other forensic data it may in fact contain. The Cellebrite Report Manager is great for a traditional phone analysis and the Cellebrite Physical Analyzer software provides the capability to analyze the File System Dump created with the UFED Physical for a deeper dive into the data contained on an iPhone. While the Physical Analyzer software is good with its Hex display, filtering and search capability, the file structure created is also usable by other forensic tools such as those within the SANS SIFT Workstation like the Skype Log Parser, the well known and powerful stand alone browser analysis tool from Digital Detective called Net Analysis and lastly the powerful AccessData FTK 3.1 analysis software with its point and click bookmarking and reporting capability along with additional tools like SQLiteSpy to further expand its capability.

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tags:
  • Digital Forensics, Incident Response & Threat Hunting

Related Content

Blog
Blog Teaser: Shoplifting2.0 340x340.jpg
Digital Forensics, Incident Response & Threat Hunting
May 21, 2025
Shoplifting 2.0: When it’s Data the Thieves Steal
Identify steps organisations can implement to protect against Scattered Spider and DragonForce
Adam Harrison
Adam Harrison
read more
Blog
emerging threats summit 340x340.png
Digital Forensics, Incident Response & Threat Hunting, Offensive Operations, Pen Testing, and Red Teaming, Cyber Defense, Industrial Control Systems Security, Cybersecurity Leadership
May 14, 2025
Visual Summary of SANS Emerging Threats Summit 2025
Check out these graphic recordings created in real-time throughout the event for SANS Emerging Threats Summit 2025
No Headshot Available
Alison Kim
read more
Blog
powershell_option_340x340.jpg
Cyber Defense, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Offensive Operations, Pen Testing, and Red Teaming
July 12, 2022
Month of PowerShell - Windows File Server Enumeration
In this Month of PowerShell article we look at several commands to interrogate Windows SMB servers as part of our incident response toolkit.
Josh Wright - Headshot - 370x370 2025.jpg
Joshua Wright
read more
  • Company
  • Mission
  • Instructors
  • About
  • FAQ
  • Press
  • Contact Us
  • Careers
  • Policies
  • Training Programs
  • Work Study
  • Academies & Scholarships
  • Public Sector Partnerships
  • Law Enforcement
  • SkillsFuture Singapore
  • Degree Programs
  • Get Involved
  • Join the Community
  • Become an Instructor
  • Become a Sponsor
  • Speak at a Summit
  • Join the CISO Network
  • Award Programs
  • Partner Portal
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • Privacy Policy
  • Terms and Conditions
  • Do Not Sell/Share My Personal Information
  • Contact
  • Careers
© 2025 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute. Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn