Practical Mobile Forensics
eBook - ePub

Satish Bommisetty, Rohit Tamma, Heather Mahalik

  1. 328 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

In Detail

With the advent of smartphones, the usage and functionality of mobile devices have grown enormously, along with the amount of sensitive information these devices contain. Law enforcement agencies around the world have realized the importance of the evidence present on a mobile device and how it can influence the outcome of an investigation.

Practical Mobile Forensics explains mobile forensic techniques on the iOS, Android, Windows, and BlackBerry platforms. You will learn the fundamentals of mobile forensics, the techniques used to extract data from a device, recover deleted data, and bypass screen lock mechanisms, and the tools that aid a forensic examination.

This book will teach you everything you need to know to forensically examine a mobile device. The techniques described are not only useful for budding forensic investigators, but will also come in handy for anyone who needs to recover accidentally deleted data.

Approach

The book is an easy-to-follow guide with clear instructions on various mobile forensic techniques. The chapters and the topics within are structured for a smooth learning curve, which will swiftly empower you to master mobile forensics.

Who this book is for

If you are a budding forensic analyst, consultant, engineer, or a forensic professional wanting to expand your skillset, this is the book for you. The book will also be beneficial to those with an interest in mobile forensics or who want to find data lost on mobile devices. Familiarity with forensics in general is helpful, but no prior experience is required to follow this book.

Frequently asked questions

Is Practical Mobile Forensics an online PDF/ePUB?
Yes, you can access Practical Mobile Forensics by Satish Bommisetty, Rohit Tamma, Heather Mahalik in PDF and/or ePUB format, as well as other popular books in Law & Law Theory & Practice. We have over one million books available in our catalogue for you to explore.

Information

Year: 2014
ISBN: 9781783288311
Edition: 1
Topic: Law
Index: Law

Practical Mobile Forensics

Table of Contents

Practical Mobile Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of the book
Errata
Piracy
Questions
1. Introduction to Mobile Forensics
Mobile forensics
Mobile forensic challenges
Mobile phone evidence extraction process
The evidence intake phase
The identification phase
The legal authority
The goals of the examination
The make, model, and identifying information for the device
Removable and external data storage
Other sources of potential evidence
The preparation phase
The isolation phase
The processing phase
The verification phase
Comparing extracted data to the handset data
Using multiple tools and comparing the results
Using hash values
The document and reporting phase
The presentation phase
The archiving phase
Practical mobile forensic approaches
Mobile operating systems overview
Android
iOS
Windows Phone
BlackBerry OS
Mobile forensic tool leveling system
Manual extraction
Logical extraction
Hex dump
Chip-off
Micro read
Data acquisition methods
Physical acquisition
Logical acquisition
Manual acquisition
Potential evidence stored on mobile phones
Rules of evidence
Admissible
Authentic
Complete
Reliable
Believable
Good forensic practices
Securing the evidence
Preserving the evidence
Documenting the evidence
Documenting all changes
Summary
2. Understanding the Internals of iOS Devices
iPhone models
iPhone hardware
iPad models
iPad hardware
File system
The HFS Plus file system
The HFS Plus volume
Disk layout
iPhone operating system
iOS history
1.x – the first iPhone
2.x – App Store and 3G
3.x – the first iPad
4.x – Game Center and multitasking
5.x – Siri and iCloud
6.x – Apple Maps
7.x – the iPhone 5S and beyond
The iOS architecture
The Cocoa Touch layer
The Media layer
The Core Services layer
The Core OS layer
iOS security
Passcode
Code signing
Sandboxing
Encryption
Data protection
Address Space Layout Randomization
Privilege separation
Stack smashing protection
Data execution prevention
Data wipe
Activation Lock
App Store
Jailbreaking
Summary
3. Data Acquisition from iOS Devices
Operating modes of iOS devices
Normal mode
Recovery mode
DFU mode
Physical acquisition
Acquisition via a custom ramdisk
The forensic environment setup
Downloading and installing the ldid tool
Verifying the codesign_allocate tool path
Installing OSXFuse
Installing Python modules
Downloading iPhone Data Protection Tools
Building the IMG3FS tool
Downloading redsn0w
Creating and loading the forensic toolkit
Downloading the iOS firmware file
Modifying the kernel
Building a custom ramdisk
Booting the custom ramdisk
Establishing communication with the device
Bypassing the passcode
Imaging the data partition
Decrypting the data partition
Recovering the deleted data
Acquisition via jailbreaking
Summary
4. Data Acquisition from iOS Backups
iTunes backup
Pairing records
Understanding the backup structure
info.plist
manifest.plist
status.plist
manifest.mbdb
Header
Record
Unencrypted backup
Extracting unencrypted backups
iPhone Backup Extractor
iPhone Backup Browser
iPhone Data Protection Tools
Decrypting the keychain
Encrypted backup
Extracting encrypted backups
iPhone Data Protection Tools
Decrypting the keychain
iPhone Password Breaker
iCloud backup
Extracting iCloud backups
Summary
5. iOS Data Analysis and Recovery
Timestamps
Unix timestamps
Mac absolute time
SQLite databases
Connecting to a database
SQLite special commands
Standard SQL queries
Important database files
Address book contacts
Address book images
Call history
SMS messages
SMS Spotlight cache
Calendar events
E-mail database
Notes
Safari bookmarks
The Safari web caches
The web application cache
The WebKit storage
The photos metadata
Consolidated GPS cache
Voicemail
Property lists
Important plist files
The HomeDomain plist files
The RootDomain plist files
The WirelessDomain plist files
The SystemPreferencesDomain plist files
Other important files
Cookies
Keyboard cache
Photos
Wallpaper
Snapshots
Recordings
Downloaded applications
Recovering deleted SQLite records
Summary
6. iOS Forensic Tools
Elcomsoft iOS Forensic Toolkit
Features of EIFT
Usage of EIFT
Guided mode
Manual mode
EIFT-supported devices
Compatibility notes
Oxygen Forensic Suite 2014
Features of Oxygen Forensic Suite
Usage of Oxygen Forensic Suite
Oxygen Forensic Suite 2014 supported devices
Cellebrite UFED Physical Analyzer
Features of Cellebrite UFED Physical Analyzer
Usage of Cellebrite UFED Physical Analyzer
Supported devices
Paraben iRecovery Stick
Features of Paraben iRecovery Stick
Usage of Paraben iRecovery Stick
Devices supported by Paraben iRecovery Stick
Open source or free methods
Summary
7. Understanding Android
The Android model
The Linux kernel layer
Libraries
Dalvik virtual machine
The application framework layer
The applications layer
Android security
Secure kernel
The permission ...