Book Image

Practical Mobile Forensics

Book Image

Practical Mobile Forensics

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Practical Mobile Forensics
Jul, 2014 | 328 pages
No titles found
Table of Contents (20 chapters)
Practical Mobile Forensics
Practical Mobile Forensics
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Mobile Forensics
Introduction to Mobile Forensics
Mobile forensics
Mobile phone evidence extraction process
Practical mobile forensic approaches
Potential evidence stored on mobile phones
Rules of evidence
Good forensic practices
Summary
2
Understanding the Internals of iOS Devices
Understanding the Internals of iOS Devices
iPhone models
iPhone hardware
iPad models
iPad hardware
File system
The HFS Plus file system
Disk layout
iPhone operating system
Summary
3
Data Acquisition from iOS Devices
Data Acquisition from iOS Devices
Operating modes of iOS devices
Physical acquisition
Acquisition via a custom ramdisk
Acquisition via jailbreaking
Summary
4
Data Acquisition from iOS Backups
Data Acquisition from iOS Backups
iTunes backup
iCloud backup
Summary
5
iOS Data Analysis and Recovery
iOS Data Analysis and Recovery
Timestamps
SQLite databases
Property lists
Other important files
Recovering deleted SQLite records
Summary
6
iOS Forensic Tools
iOS Forensic Tools
Elcomsoft iOS Forensic Toolkit
Oxygen Forensic Suite 2014
Cellebrite UFED Physical Analyzer
Paraben iRecovery Stick
Open source or free methods
Summary
7
Understanding Android
Understanding Android
The Android model
Android security
Android file hierarchy
Android file system
Summary
8
Android Forensic Setup and Pre Data Extraction Techniques
Android Forensic Setup and Pre Data Extraction Techniques
A forensic environment setup
Screen lock bypassing techniques
Gaining root access
Summary
9
Android Data Extraction Techniques
Android Data Extraction Techniques
Imaging an Android Phone
Data extraction techniques
Summary
10
Android Data Recovery Techniques
Android Data Recovery Techniques
Data recovery
Summary
11
Android App Analysis and Overview of Forensic Tools
Android App Analysis and Overview of Forensic Tools
Android app analysis
Reverse engineering Android apps
Forensic tools overview
Cellebrite – UFED
MOBILedit
Autopsy
Summary
12
Windows Phone Forensics
Windows Phone Forensics
Windows Phone OS
Windows Phone file system
Data acquisition
Summary
13
BlackBerry Forensics
BlackBerry Forensics
BlackBerry OS
Data acquisition
BlackBerry analysis
Summary
Index
Index

Autopsy

Should manual examination or file carving be required, it is best to use a forensic tool that provides access to the raw files on the Android device. Autopsy, the GUI-based upon the Sleuth Kit, runs on a Windows forensic workstation and can be downloaded from http://www.sleuthkit.org/autopsy/. Autopsy currently provides analytical support for Android devices. Both open source and Law Enforcement modules are available for Autopsy. These modules provide additional file carving and parsing support for applications and files found on Android devices and SD cards. For example, the open mobile forensics module provides mobile device parsing capabilities to pull out artifacts such as calls, SMS, chats, pictures, and more.

Analyzing an Android in Autopsy

In this example, we will be using a physical image of the Samsung Galaxy SIII. This device was physically extracted using Cellebrite UFED Touch. The following steps should be performed to correctly mount an Android image and to start your...

Previous Section
End of Section 7
Next Section