Book Image

Mobile Forensics ??? Advanced Investigative Strategies

By : Oleg Afonin, Vladimir Katalov
Book Image

Mobile Forensics ??? Advanced Investigative Strategies

By: Oleg Afonin, Vladimir Katalov

Overview of this book

Investigating digital media is impossible without forensic tools. Dealing with complex forensic problems requires the use of dedicated tools, and even more importantly, the right strategies. In this book, you’ll learn strategies and methods to deal with information stored on smartphones and tablets and see how to put the right tools to work. We begin by helping you understand the concept of mobile devices as a source of valuable evidence. Throughout this book, you will explore strategies and "plays" and decide when to use each technique. We cover important techniques such as seizing techniques to shield the device, and acquisition techniques including physical acquisition (via a USB connection), logical acquisition via data backups, over-the-air acquisition. We also explore cloud analysis, evidence discovery and data analysis, tools for mobile forensics, and tools to help you discover and analyze evidence. By the end of the book, you will have a better understanding of the tools and methods used to deal with the challenges of acquiring, preserving, and extracting evidence stored on smartphones, tablets, and the cloud.

Related Content you might be interested in

Current Title:

Small book image
Mobile Forensics ??? Advanced Investigative Strategies
Oleg Afonin | Vladimir Katalov
Sep, 2016 | 412 pages
No titles found
Table of Contents (18 chapters)
Mobile Forensics – Advanced Investigative Strategies
Mobile Forensics – Advanced Investigative Strategies
Credits
Credits
Foreword
Foreword
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introducing Mobile Forensics
Introducing Mobile Forensics
Why we need mobile forensics
Available information
Stages of mobile forensics
Summary
2
Acquisition Methods Overview
Acquisition Methods Overview
Over-the-air acquisition
Logical acquisition (backup analysis)
Physical acquisition
JTAG
Chip-off
In-system programming
Summary
3
Acquisition – Approaching Android Devices
Acquisition – Approaching Android Devices
Android platform fragmentation
AOSP, GMS, and their forensic implications
Summary
4
Practical Steps to Android Acquisition
Practical Steps to Android Acquisition
Android physical acquisition
Approaching physical acquisition
Live imaging
Google Account acquisition – over-the-air
Summary
5
iOS – Introduction and Physical Acquisition
iOS – Introduction and Physical Acquisition
iOS forensics – introduction
Tutorial – physical acquisition with Elcomsoft iOS Forensic Toolkit
Summary
6
iOS Logical and Cloud Acquisition
iOS Logical and Cloud Acquisition
Understanding backups - local, cloud, encrypted and unencrypted
Encrypted versus unencrypted iTunes backups
Breaking backup passwords
A fast CPU and a faster video card
Knowing the user helps breaking the password
Tutorial - logical acquisition with Elcomsoft Phone Breaker
Elcomsoft Phone Breaker on a Mac, inside a virtual PC, or via RDP
iOS Cloud forensics - over-the-air acquisition
Tutorial - cloud acquisition with Elcomsoft Phone Breaker
Downloading iCloud/iCloud Drive backups - using authentication tokens
Extracting authentication tokens
Two-factor authentication
What next?
Summary
7
Acquisition – Approaching Windows Phone and Windows 10 Mobile
Acquisition – Approaching Windows Phone and Windows 10 Mobile
Windows Phone security model
Windows Phone physical acquisition
JTAG forensics on Windows Phone 8.x and Windows 10 Mobile
Windows Phone 8/8.1 and Windows 10 Mobile cloud forensics
Acquiring Windows Phone backups over the air
Summary
8
Acquisition – Approaching Windows 8, 8.1, 10, and RT Tablets
Acquisition – Approaching Windows 8, 8.1, 10, and RT Tablets
Windows 8, 8.1, 10, and RT on portable touchscreen devices
Acquisition of Windows tablets
Imaging Built-in eMMC Storage
Booting Windows tablets from recovery media
Acquiring a BitLocker encryption key
Imaging Windows RT tablets
Cloud Acquisition
Summary
9
Acquisition – Approaching BlackBerry
Acquisition – Approaching BlackBerry
The history of the BlackBerry OS - BlackBerry 1.0-7.1
Acquiring BlackBerry 10
Analyzing BlackBerry backups
Summary
10
Dealing with Issues, Obstacles, and Special Cases
Dealing with Issues, Obstacles, and Special Cases
Cloud acquisition and two-factor authentication
Unallocated space
Accessing destroyed evidence in different mobile platforms
Windows Phone 8 and 8.1 – possible for end-user devices with limitations
Windows RT, Windows 8/8.1, and Windows 10
eMMC and deleted data
SD cards
SQLite databases (access to call logs, browsing history, and many more)
Summary
11
Mobile Forensic Tools and Case Studies
Mobile Forensic Tools and Case Studies
Cellebrite
Micro Systemation AB
AccessData
Oxygen Forensic toolkit
Magnet ACQUIRE
BlackBag Mobilyze
ElcomSoft tools
Case studies
BlackBerry scenarios
Summary

Knowing the user helps breaking the password

Some passwords are protected stronger than others. In fact, in our daily life we routinely use passwords that are weakly protected or not protected at all. Instant messenger passwords? Stored in Windows Registry or configuration files in plain text or barely scrambled. Website passwords? Depending on the Web browser, these are extracted instantly or in a matter of seconds. E-mail passwords in popular applications such as Outlook Express, Windows Mail, Windows Live! Mail, or Thunderbird? Displayed instantly with a simple free tool. Older Office documents, third-party office applications, and many other sources may contain passwords that are more easily accessible compared to passwords protecting Apple backups.

It is a good idea to spend some time extracting the easily recoverable passwords stored elsewhere. Add those passwords to the top of the wordlist file used for a dictionary attack, and in some cases, you won't have to deal with lengthy attacks...

Previous Section
End of Section 6
Next Section