Book Image

iOS Forensics Cookbook

By : Bhanu Birani, Mayank Birani
Book Image

iOS Forensics Cookbook

By: Bhanu Birani, Mayank Birani

Overview of this book

Mobile device forensics is a branch of digital forensics that involves the recovery of evidence or data in a digital format from a device without affecting its integrity. With the growing popularity of iOS-based Apple devices, iOS forensics has developed immense importance. To cater to the need, this book deals with tasks such as the encryption and decryption of files, various ways to integrate techniques withsocial media, and ways to grab the user events and actions on the iOS app. Using practical examples, we’ll start with the analysis keychain and raw disk decryption, social media integration, and getting accustomed to analytics tools. You’ll also learn how to distribute the iOS apps without releasing them to Apple’s App Store. Moving on, the book covers test flights and hockey app integration, the crash reporting system, recovery tools, and their features. By the end of the book, using the aforementioned techniques, you will be able to successfully analyze iOS-based devices forensically.
Table of Contents (13 chapters)

Index

A

  • app
    • distributing, via TestFlight / Getting ready, How to do it...
    • HockeyApp, integrating with / Integrating HockeyApp, Getting ready, How to do it...
  • Apple developer link, for documents directories
    • URL / See also

B

  • backups
    • recovering / Recovering backups
    • reference link / See more...

C

  • core data
    • about / Learning about core data, Getting ready
    • implementing, in iOS applications / How to do it...
  • crash logs
    • desymbolication / Desymbolication of crash logs, Getting ready, How to do it...
    • receiving, from device / Receiving crash logs directly from a device without using Xcode, How to do it...
  • Crashlytics
    • integrating, in project / Crashlytics integration, How to do it...
    • URL / How to do it...
  • crash reports
    • analyzing / Analyzing crash reports, How to do it...

D

  • data
    • saving, RAW file used / Saving data using the RAW file, How to do it...
    • saving, in SQLite database / Saving data in the SQLite database, Getting ready, How to do it...
    • extracting / Extracting and reading data, Getting ready, How to do it...
    • reading / Extracting and reading data, Getting ready, How to do it...
  • device
    • launching, in DFU mode / How to do it...
  • DFU mode
    • about / DFU and Recovery modes
    • device, launching in / How to do it...
  • Documents directory
    • overview / The Documents directory, How to do it...

E

  • encrypted backups
    • creating, of iDevice / How to do it...

F

  • Facebook
    • Instagram, integrating with / Integration with Facebook, Getting ready, How to do it...
  • Flurry, with Data Mining / Getting ready, How to do it…
  • Flurry Analytics
    • used, for developing mini app / How to do it...

G

  • Google Analytics
    • used, for developing mini app / Getting ready, How to do it...

H

  • HFS+ Allocation File
    • about / Getting ready
  • HFS+ Catalog File
    • about / Getting ready
  • HFS+ Extents Overflow File
    • about / Getting ready
  • HFS+ Volume Header
    • about / Getting ready
  • HockeyApp
    • integrating, with app / Integrating HockeyApp, Getting ready, How to do it...
    • URL / Getting ready
    • URL, for downloading dmg / How to do it...
  • HockeyApp, for crash reporting / HockeyApp for crash reporting, How to do it...
  • HockeyApp SDK
    • download link / How to do it...

I

  • iBackupBot
    • download link / How to do it...
  • iCloud
    • about / How to do it...
  • iCloud backup
    • about / How to do it...
  • iCloud settings
    • updating / How to do it...
  • iDevice
    • encrypted backups, creating of / How to do it...
  • iDevice API / How to do it...
  • iExplorer
    • exploring / Exploring iExplorer, How to do it...
    • URL, for downloading / How to do it...
  • Instagram
    • integrating, with Facebook / Integration with Facebook, Getting ready, How to do it...
  • Instagram integration
    • about / Getting ready, How to do it...
  • iOS applications
    • core data, implementing in / How to do it...
  • iOS device
    • Recovery mode, launching on / How to do it...
  • iPhone Backup Analyzer
    • exploring / Exploring iPhone Backup Analyzer, How to do it...
    • URL, for downloading JAR file / Getting ready
  • iPhone Backup Browser
    • download link / How to do it..., How to do it...
  • iPhone backup extractor
    • download link / How to do it...
  • iPhone Backup Extractor
    • download link / How to do it...
  • iPhone devices
    • jailbreaking / Jailbreaking iPhone devices, How to do it...
  • iTunes backup
    • about / How to do it...
    • extracting / Extracting data from iTunes backups, How to do it...
  • iTunes backups
    • decrypting / How to do it...

L

  • LinkedIn integration
    • about / Getting ready, How to do it...

M

  • Manifest.mbdb file
    • about / How to do it...
    • header / How to do it...
    • record / How to do it...
  • mini app
    • developing, Google Analytics used / Getting ready, How to do it...
    • developing, Flurry Analytics used / How to do it...
  • Mix Panel
    • reference link / How to do it…
  • Mix Panel integration / Integrating Mixpanel, How to do it…

P

  • Pangu
    • download link / Getting ready
  • partitions
    • about / Getting ready
    • firmware partition / Getting ready
    • user data partition / Getting ready
  • path of document directories
    • retrieving / How to do it...
  • project
    • Crashlytics, integrating in / Crashlytics integration, How to do it...
  • protection classes, for files
    • NSProtectionComplete / How to do it...
    • NSFileProtectionCompleteUnlessOpen / How to do it...
    • NSFileProtectionCompleteUntilFirstUserAuthentication / How to do it...
    • NSProtectionNone / How to do it...
    • NSFileProtectionRecovery / How to do it...
  • protection classes, for keychain items
    • kSecAttrAccessibleWhenUnlocked / How to do it...
    • kSecAttrAccessibleAfterFirstUnlock / How to do it...
    • kSecAttrAccessibleAlways / How to do it...
    • kSecAttrAccessibleWhenUnlockedThisDeviceOnly / How to do it...
    • kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly / How to do it...
    • kSecAttrAccessibleAlwaysThisDeviceOnly / How to do it...
  • PyCrypto
    • download link / How to do it...
  • Python
    • download link / How to do it...

R

  • RAW file
    • used, for saving data / Saving data using the RAW file, How to do it...
  • Recovery mode
    • about / How to do it...
    • launching, on iOS device / How to do it...

S

  • SQLite browser
    • exploring / Exploring SQLite browser, How to do it...
    • download link / Getting ready
  • SQLite database
    • data, saving in / Saving data in the SQLite database, Getting ready, How to do it...
  • SQLite Database
    • about / Getting ready

T

  • TestFlight
    • setting up / Setting up and integrating TestFlight, Getting ready, How to do it...
    • app, distributing via / Getting ready, How to do it...
  • tools
    • encrypting / Encrypting and decrypting tools, How to do it...
    • decrypting / Encrypting and decrypting tools, How to do it...

U

  • unique key
    • generating / How to do it...

X

  • Xcode
    • crash logs, receiving from device / Receiving crash logs from a device by using Xcode, How to do it...

Y

  • Yahoo Developer site
    • reference link / How to do it..., How to do it…