Book Image

Practical Mobile Forensics

Book Image

Practical Mobile Forensics

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Practical Mobile Forensics
Jul, 2014 | 328 pages
No titles found
Table of Contents (20 chapters)
Practical Mobile Forensics
Practical Mobile Forensics
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Mobile Forensics
Introduction to Mobile Forensics
Mobile forensics
Mobile phone evidence extraction process
Practical mobile forensic approaches
Potential evidence stored on mobile phones
Rules of evidence
Good forensic practices
Summary
2
Understanding the Internals of iOS Devices
Understanding the Internals of iOS Devices
iPhone models
iPhone hardware
iPad models
iPad hardware
File system
The HFS Plus file system
Disk layout
iPhone operating system
Summary
3
Data Acquisition from iOS Devices
Data Acquisition from iOS Devices
Operating modes of iOS devices
Physical acquisition
Acquisition via a custom ramdisk
Acquisition via jailbreaking
Summary
4
Data Acquisition from iOS Backups
Data Acquisition from iOS Backups
iTunes backup
iCloud backup
Summary
5
iOS Data Analysis and Recovery
iOS Data Analysis and Recovery
Timestamps
SQLite databases
Property lists
Other important files
Recovering deleted SQLite records
Summary
6
iOS Forensic Tools
iOS Forensic Tools
Elcomsoft iOS Forensic Toolkit
Oxygen Forensic Suite 2014
Cellebrite UFED Physical Analyzer
Paraben iRecovery Stick
Open source or free methods
Summary
7
Understanding Android
Understanding Android
The Android model
Android security
Android file hierarchy
Android file system
Summary
8
Android Forensic Setup and Pre Data Extraction Techniques
Android Forensic Setup and Pre Data Extraction Techniques
A forensic environment setup
Screen lock bypassing techniques
Gaining root access
Summary
9
Android Data Extraction Techniques
Android Data Extraction Techniques
Imaging an Android Phone
Data extraction techniques
Summary
10
Android Data Recovery Techniques
Android Data Recovery Techniques
Data recovery
Summary
11
Android App Analysis and Overview of Forensic Tools
Android App Analysis and Overview of Forensic Tools
Android app analysis
Reverse engineering Android apps
Forensic tools overview
Cellebrite – UFED
MOBILedit
Autopsy
Summary
12
Windows Phone Forensics
Windows Phone Forensics
Windows Phone OS
Windows Phone file system
Data acquisition
Summary
13
BlackBerry Forensics
BlackBerry Forensics
BlackBerry OS
Data acquisition
BlackBerry analysis
Summary
Index
Index

Data acquisition

Acquiring data from a Windows Phone is challenging for forensic examiners, as physical and logical methods defined in previous chapters are not commonly supported. One of the most common techniques in data acquisition is to install an application or agent on the device, which extracts as much data as possible from the device. This could result in certain changes on the device but nevertheless, it is still forensically sound if the examiner follows standard protocols. These protocols include proper testing to ensure no user data is changed, validation of the method on a test device, and documenting all steps taken during the acquisition process. For this acquisition method to work, the app needs to be installed with the privileges of Standard Rights Chamber. This may require the examiner to copy the manufacturer's DLLs, which have higher privileges into the user app. This allows the app to access methods and resources that are usually limited to native apps.

Most examiners...

Previous Section
End of Section 4
Next Section