Book Image

Practical Mobile Forensics

Book Image

Practical Mobile Forensics

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Practical Mobile Forensics
Jul, 2014 | 328 pages
No titles found
Table of Contents (20 chapters)
Practical Mobile Forensics
Practical Mobile Forensics
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Mobile Forensics
Introduction to Mobile Forensics
Mobile forensics
Mobile phone evidence extraction process
Practical mobile forensic approaches
Potential evidence stored on mobile phones
Rules of evidence
Good forensic practices
Summary
2
Understanding the Internals of iOS Devices
Understanding the Internals of iOS Devices
iPhone models
iPhone hardware
iPad models
iPad hardware
File system
The HFS Plus file system
Disk layout
iPhone operating system
Summary
3
Data Acquisition from iOS Devices
Data Acquisition from iOS Devices
Operating modes of iOS devices
Physical acquisition
Acquisition via a custom ramdisk
Acquisition via jailbreaking
Summary
4
Data Acquisition from iOS Backups
Data Acquisition from iOS Backups
iTunes backup
iCloud backup
Summary
5
iOS Data Analysis and Recovery
iOS Data Analysis and Recovery
Timestamps
SQLite databases
Property lists
Other important files
Recovering deleted SQLite records
Summary
6
iOS Forensic Tools
iOS Forensic Tools
Elcomsoft iOS Forensic Toolkit
Oxygen Forensic Suite 2014
Cellebrite UFED Physical Analyzer
Paraben iRecovery Stick
Open source or free methods
Summary
7
Understanding Android
Understanding Android
The Android model
Android security
Android file hierarchy
Android file system
Summary
8
Android Forensic Setup and Pre Data Extraction Techniques
Android Forensic Setup and Pre Data Extraction Techniques
A forensic environment setup
Screen lock bypassing techniques
Gaining root access
Summary
9
Android Data Extraction Techniques
Android Data Extraction Techniques
Imaging an Android Phone
Data extraction techniques
Summary
10
Android Data Recovery Techniques
Android Data Recovery Techniques
Data recovery
Summary
11
Android App Analysis and Overview of Forensic Tools
Android App Analysis and Overview of Forensic Tools
Android app analysis
Reverse engineering Android apps
Forensic tools overview
Cellebrite – UFED
MOBILedit
Autopsy
Summary
12
Windows Phone Forensics
Windows Phone Forensics
Windows Phone OS
Windows Phone file system
Data acquisition
Summary
13
BlackBerry Forensics
BlackBerry Forensics
BlackBerry OS
Data acquisition
BlackBerry analysis
Summary
Index
Index

About the Reviewers

Dr. Aswami Ariffin specializes in digital forensics (PhD) and previously was a GIAC Certified Forensic Analyst (GCFA) and Certified Wireless Security Professional (CWSP). He has attended various digital forensics training courses, such as SANS System Forensics, Investigation and Response in Australia, multimedia forensics in the United Kingdom and United States, and also data recovery in South Korea.

He has experience in handling computer crimes and computer-related crimes with various law enforcement agencies/regulatory bodies in Malaysia and overseas (recognized as an expert by New South Wales Police Force, Australia). He managed more than 1,800 digital forensic investigations and provided expert testimonies/coordination in Malaysia's High Court and Royal Commission of Inquiry.

He is active in research, and one of his papers entitled Data Recovery From Proprietary-Formatted Files CCTV Hard Disks was accepted for publication and presentation at the 2013 Ninth Annual IFIP WG 11.9 International Conference on Digital Forensics, USA. He was also involved as a committee member of the digital forensics program of the prestigious International Conference on Availability, Reliability, and Security (ARES 2012 and 2013).

Due to his immense contribution in combating cyber crimes and developing CyberSecurity, Malaysia's digital forensics capabilities, Dr. Aswami Ariffin was awarded the ISLA (Information Security Leadership Award) in 2009 by ISC2, USA. The Attorney General Chambers of Malaysia and Royal Malaysia Police also issued a commendation letter and certificate of appreciation to him.

Currently, he is Vice President of Cyber Security Responsive Services at CyberSecurity Malaysia. He provides input on strategic direction, technical leadership, and marketing strategy for CyberSecurity Malaysia security operations and research—Digital Forensics Department, MyCERT, and Secure Technology Services.

Dr. Salvatore Fiorillo (MSIT) is a fast learner, problem solver, and open-minded person. He likes unconventional challenges. Holding a degree in Political Science and a Master's degree in IT Security, his interests are wide ranging, from digital forensic and general hacking, to social, anthropological, statistics, and financial studies. He is a network-centric warfare evangelist and gave a speech at De Vere University Arms in Cambridge (UK) during the 2007 conference organized by the Command and Control Research Program (CCRP) within the Office of the Assistant Secretary of US-Defense (NII). He is also the author of Theory and practice of flash memory mobile forensics, a 2009 widespread paper on the limits of digital forensic tools (work cited in the 2014 NIST Guidelines on Mobile Device Forensics).

I would like to thank Lucia Tirino and Monica Capasso for their precious help and support throughout. I would also like to thank the people at Packt Publishing; they are all very professional and nice people.

Yogesh Khatri is an assistant professor teaching computer forensics at Champlain College in Burlington, Vermont. Prior to that, he has had a decade of experience working in industry as a consultant and trainer for various companies, including guidance software, during which he worked on cases in several countries, and with many Fortune 100 companies. Yogesh has a Master's degree in Computer Engineering from Syracuse University. He runs a blog at www.swiftforensics.com, which showcases his latest research, scripts, ideas, and videos on computer forensics.

Erik Kristensen holds a Bachelor's degree in Computer Science with over 15 years of experience with computer systems that includes computer security, mobile security, and computer forensics. During his time in the United States Air Force, he specialized in computer security and helped pioneer a mobile security program for the BlackBerry, Android, and iPhone devices. He is currently a GIAC Certified Forensics Analyst (GCFA) and is the primary maintainer of the SANS Investigative Forensics Toolkit (SIFT) for computer forensics. He has a broad range of experience and interests. He enjoys problem solving and thinking out of the box. He is currently the lead DevOps engineer for viaForensics, an advanced mobile security and forensics company.

Dr. Michael Spreitzenbarth worked several years as a freelancer in the IT security sector after finishing his diploma thesis with a major in Mobile Phone Forensics. In 2013, he finished his PhD from the University of Erlangen-Nuremberg in the field of Android Forensics and Mobile Malware Analysis. Since this time, he has been working in an internationally operating CERT. His daily work deals with the security of mobile systems, forensic analysis of smartphones and suspicious mobile applications, as well as the investigation of security-related incidents. Alongside this, he is working on the improvement of mobile malware analysis techniques and research in the field of Android and iOS forensics.

Previous Section
Next Chapter