Practical Mobile Forensics

Practical Mobile Forensics - Third Edition

By : Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

Buy this Book

Practical Mobile Forensics - Third Edition

By: Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

Buy this Book

Overview of this book

Covering up-to-date mobile platforms, this book will focuses on teaching you the most recent techniques for investigating mobile devices. We delve mobile forensics techniques in iOS 9-11, Android 7-8 devices, and Windows 10. We will demonstrate the latest open source and commercial mobile forensics tools, enabling you to analyze and retrieve data effectively. You will learn how to introspect and retrieve data from the cloud, and document and prepare reports of your investigations. By the end of this book, you will have mastered the current operating systems and the relevant techniques to recover data from mobile devices by leveraging open source solutions.

Title Page

Packt Upsell

Contributors

Preface

Free Chapter

Introduction to Mobile Forensics

Why do we need mobile forensics?

Mobile forensics

The mobile phone evidence extraction process

Practical mobile forensic approaches

Potential evidence stored on mobile phones

Examination and analysis

Rules of evidence

Good forensic practices

Summary

Understanding the Internals of iOS Devices

iPhone models

iPhone hardware

iPad models

Understanding the iPad hardware

Apple Watch models

Understanding the Apple Watch hardware

The filesystem

The HFS Plus filesystem

The APFS filesystem

Disk layout

iPhone operating system

Summary

Data Acquisition from iOS Devices

Operating modes of iOS devices

Logical acquisition

Filesystem acquisition

Physical acquisition

Summary

Data Acquisition from iOS Backups

iTunes backup

Extracting unencrypted backups

Encrypted backup

Working with iCloud backups

Summary

iOS Data Analysis and Recovery

Timestamps

Summary

iOS Forensic Tools

Working with Cellebrite UFED Physical Analyzer

Working with Magnet AXIOM

Working with Belkasoft Evidence Center

Working with Oxygen Forensic Detective

Summary

Understanding Android

The evolution of Android

The Android model

Android security

The Android file hierarchy

The Android file system

Summary

Android Forensic Setup and Pre-Data Extraction Techniques

Setting up the forensic environment for Android

Screen lock bypassing techniques

Gaining root access

Summary

Android Data Extraction Techniques

Data extraction techniques

Summary

Android Data Analysis and Recovery

Analyzing an Android image

Android data recovery

Summary

Android App Analysis, Malware, and Reverse Engineering

Analyzing Android apps

Reverse engineering Android apps

Android malware

Summary

Windows Phone Forensics

Windows Phone OS

Security model

Windows Phone filesystem

Data acquisition

Commercial forensic tool acquisition methods

Key artifacts for examination

Summary

Parsing Third-Party Application Files

Third-party application overview

Encoding versus encryption

Application data storage

Forensic methods used to extract third-party application data

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Potential evidence stored on mobile phones

The range of information that can be obtained from mobile phones is detailed in this section. Data on a mobile phone can be found in a number of locations--SIM card, external storage card, and phone memory. In addition, the service provider also stores communication-related information. The book primarily focuses on data acquired from the phone memory. Mobile device data extraction tools recover data from the phone's memory. Even though data recovered during a forensic acquisition depends on the mobile model, in general, the following data is common across all models and useful as evidence. Note that most of the following artifacts contain date- and timestamps:

Address book: This contains contact names, phone numbers, email addresses, and so on
Call history: This contains dialed, received, missed calls, and call duration
SMS: This contains sent and received text messages
MMS: This contains media files such as sent and received photos and videos
E-mail: This contains sent, drafted, and received email messages
Web browser history: This contains the history of websites that were visited
Photos: This contains pictures that were captured using the mobile phone camera, those downloaded from the internet, and the ones transferred from other devices
Videos: This contains videos that are captured using the mobile camera, those downloaded from the internet, and the ones transferred from other devices
Music: This contains music files downloaded from the internet and those transferred from other devices
Documents: This contains documents created using the device's applications, those downloaded from the internet, and the ones transferred from other devices
Calendar: This contains calendar entries and appointments
Network communication: This contains GPS locations
Maps: This contains places the user visited, looked-up directions, and searched and downloaded maps
Social networking data: This contains data stored by applications, such as Facebook, Twitter, LinkedIn, Google+, and WhatsApp
Deleted data: This contains information deleted from the phone

Practical Mobile Forensics - Third Edition

By : Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

Practical Mobile Forensics - Third Edition

By: Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

Overview of this book

Related Content you might be interested in

Current Title:

Practical Mobile Forensics - Third Edition

Learning Android Forensics

iOS Forensics for Investigators

Mobile Forensics Cookbook

Potential evidence stored on mobile phones