Practical Mobile Forensics : a hands-on guide to mastering mobile forensics for the iOS, Android, and the Windows Phone platforms.

Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This book is an update to Practical Mobile Forensics, Second Edition and it delves into the concepts of mobile forensics and its importance in today's world.

Bibliographic Details
Main Author: Bommisetty, Satish
Other Authors: Mahalik, Heather, Skulkin, Oleg, Tamma, Rohit, Mikhaylov, Igor
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing, 2018.
Edition: 3rd ed.
Online Access: Full text (Emerson users only)
Full text (Emmanuel users only)
Full text (NECO users only)
Full text (MCPHS users only)
Full text (Wentworth users only)
Table of Contents:
  • Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Introduction to Mobile Forensics; Why do we need mobile forensics?; Mobile forensics; Challenges in mobile forensics; The mobile phone evidence extraction process; The evidence intake phase; The identification phase; The legal authority; The goals of the examination; The make, model, and identifying information for the device; Removable and external data storage; Other sources of potential evidence; The preparation phase; The isolation phase; The processing phase.
  • The verification phase; Comparing extracted data to the handset data; Using multiple tools and comparing the results; Using hash values; The documenting and reporting phase; The presentation phase; The archiving phase; Practical mobile forensic approaches; Overview of mobile operating systems; Android; iOS; Windows Phone; Mobile forensic tool leveling system; Manual extraction; Logical extraction; Hex dump; Chip-off; Micro read; Data acquisition methods; Physical acquisition; Logical acquisition; Manual acquisition; Potential evidence stored on mobile phones; Examination and analysis.
  • Rules of evidence; Good forensic practices; Securing the evidence; Preserving the evidence; Documenting the evidence and changes; Reporting; Summary; Chapter 2: Understanding the Internals of iOS Devices; iPhone models; Identifying the correct hardware model; iPhone hardware; iPad models; Understanding the iPad hardware; Apple Watch models; Understanding the Apple Watch hardware; The filesystem; The HFS Plus filesystem; The HFS Plus volume; The APFS filesystem; The APFS structure; Disk layout; iPhone operating system; The iOS architecture; iOS security; Passcodes, Touch ID, and Face ID.
  • Code Signing; Sandboxing; Encryption; Data protection; Address Space Layout Randomization; Privilege separation; Stack-smashing protection; Data execution prevention; Data wipe; Activation Lock; The App Store; Jailbreaking; Summary; Chapter 3: Data Acquisition from iOS Devices; Operating modes of iOS devices; The normal mode; The recovery mode; DFU mode; Setting up the forensic environment; Password protection and potential bypasses; Logical acquisition; Practical logical acquisition with libimobiledevice; Practical logical acquisition with Belkasoft Acquisition Tool.
  • Practical logical acquisition with Magnet ACQUIRE; Filesystem acquisition; Practical jailbreaking; Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit; Physical acquisition; Practical physical acquisition with Elcomsoft iOS Forensic Toolkit; Summary; Chapter 4: Data Acquisition from iOS Backups; iTunes backup; Creating backups with iTunes; Understanding the backup structure; info.plist; manifest.plist; status.plist; manifest.db; Extracting unencrypted backups; iBackup Viewer; iExplorer; BlackLight; Encrypted backup; Elcomsoft Phone Breaker; Working with iCloud backups.