Book Image

Mobile Forensics Cookbook

By : Igor Mikhaylov
Book Image

Mobile Forensics Cookbook

By: Igor Mikhaylov

Overview of this book

Considering the emerging use of mobile phones, there is a growing need for mobile forensics. Mobile forensics focuses specifically on performing forensic examinations of mobile devices, which involves extracting, recovering and analyzing data for the purposes of information security, criminal and civil investigations, and internal investigations. Mobile Forensics Cookbook starts by explaining SIM cards acquisition and analysis using modern forensics tools. You will discover the different software solutions that enable digital forensic examiners to quickly and easily acquire forensic images. You will also learn about forensics analysis and acquisition on Android, iOS, Windows Mobile, and BlackBerry devices. Next, you will understand the importance of cloud computing in the world of mobile forensics and understand different techniques available to extract data from the cloud. Going through the fundamentals of SQLite and Plists Forensics, you will learn how to extract forensic artifacts from these sources with appropriate tools. By the end of this book, you will be well versed with the advanced mobile forensics techniques that will help you perform the complete forensic acquisition and analysis of user data stored in different devices.
Table of Contents (18 chapters)
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface

Introduction


Mobile devices from the Apple company, such as iPhones and iPads, occupy about 15% of the mobile device market. Due to this fact, they often become the object of forensic analysis.

Mobile devices from the Apple company are the most complex objects in forensic analysis. The restrictions of access to the user’s data used in the devices do not allow extracting the data in full. The encryption makes the use of all known file recovery algorithms useless. Even if you manage to recover a file in some way, its content will be unavailable, as it will remain encrypted.

The complete examination of an Apple device is possible if you jailbreak it. The file system can be extracted from such a device and via analysis of the file system, you can extract a maximum number of user data. However, this operation cannot be performed for all types of such devices.

For mobile devices up to and including the iPhone 4, you can make physical dumps. It allows you not only to fully extract user’s data from...