Book Image

Mobile Forensics Cookbook

By : Igor Mikhaylov
Book Image

Mobile Forensics Cookbook

By: Igor Mikhaylov

Overview of this book

Considering the emerging use of mobile phones, there is a growing need for mobile forensics. Mobile forensics focuses specifically on performing forensic examinations of mobile devices, which involves extracting, recovering and analyzing data for the purposes of information security, criminal and civil investigations, and internal investigations. Mobile Forensics Cookbook starts by explaining SIM cards acquisition and analysis using modern forensics tools. You will discover the different software solutions that enable digital forensic examiners to quickly and easily acquire forensic images. You will also learn about forensics analysis and acquisition on Android, iOS, Windows Mobile, and BlackBerry devices. Next, you will understand the importance of cloud computing in the world of mobile forensics and understand different techniques available to extract data from the cloud. Going through the fundamentals of SQLite and Plists Forensics, you will learn how to extract forensic artifacts from these sources with appropriate tools. By the end of this book, you will be well versed with the advanced mobile forensics techniques that will help you perform the complete forensic acquisition and analysis of user data stored in different devices.

Related Content you might be interested in

Current Title:

Small book image
Mobile Forensics Cookbook
Igor Mikhaylov
Dec, 2017 | 302 pages
Small book image
Practical Mobile Forensics
Heather Mahalik | Rohit Tamma | Oleg Skulkin | Satish Bommisetty
Jan, 2018 | 402 pages
Small book image
Practical Mobile Forensics
Heather Mahalik | Rohit Tamma | Oleg Skulkin | Satish Bommisetty
Apr, 2020 | 400 pages
Small book image
iOS Forensics for Investigators
Gianluca Tiepolo
May, 2022 | 316 pages
Table of Contents (18 chapters)
Title Page
Title Page
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
SIM Card Acquisition and Analysis
SIM Card Acquisition and Analysis
Introduction
SIM card acquisition and analysis with TULP2G
SIM card acquisition and analysis with MOBILedit Forensics
SIM card acquisition and analysis with SIMCon
SIM card acquisition and analysis with Oxygen Forensic
2
Android Device Acquisition
Android Device Acquisition
Introduction
Preparatory work
Android device acquisition with Oxygen Forensic
Android device acquisition with MOBILedit Forensic
Android device acquisition with Belkasoft Acquisition Tool
Android device acquisition with Magnet Aсquire
Making physical dumps of Android device without rooting
Unlocking locked Android device
Acquiring Android device through Wi-Fi
Samsung Android device acquisition with Smart Switch
3
Apple Device Acquisition
Apple Device Acquisition
Introduction
Apple device acquisition with Oxygen Forensics
Apple device acquisition with libmobiledevice
Apple device acquisition with Elcomsoft iOS Toolkit
Apple device acquisition with iTunes
Unlocking a locked Apple device
4
Windows Phone and BlackBerry Acquisition
Windows Phone and BlackBerry Acquisition
Introduction
BlackBerry acquisition with Oxygen Forensic
BlackBerry acquisition with BlackBerry Desktop Software
Windows Phone acquisition with Oxygen Forensic
Windows Phone acquisition with UFED 4PC
5
Clouds are Alternative Data Sources
Clouds are Alternative Data Sources
Introduction
Using Cloud Extractor to extract data from Android devices from the cloud
Using Electronic Evidence Examiner to extract data from a Facebook account
Using Elcomsoft Phone Breaker to extract data from iCloud
Using Belkasoft Evidence Center to extract data from iCloud
6
SQLite Forensics
SQLite Forensics
Introduction
Parsing SQLite databases with Belkasoft Evidence Center
Parsing SQLite databases with DB Browser for SQLite
Parsing SQLite databases with Oxygen Forensic SQLite Viewer
Parsing SQLite databases with SQLite Wizard
7
Understanding Plist Forensics
Understanding Plist Forensics
Introduction
Parsing plist with Apple Plist Viewer
Parsing plist with Belkasoft Evidence Center
Parsing plist with plist Editor Pro
Parsing plist with Plist Explorer
8
Analyzing Physical Dumps and Backups of Android Devices
Analyzing Physical Dumps and Backups of Android Devices
Introduction
Android physical dumps and backups parsing with Autopsy
Android TOT container parsing with Oxygen Forensics
Android backups parsing with Belkasoft Evidence Center
Android physical dumps and backups parsing with AXIOM
Android physical dumps parsing with Encase Forensic
Thumbnails analysis with ThumbnailExpert
9
iOS Forensics
iOS Forensics
Introduction
iOS backup parsing with iPhone Backup Extractor
iOS backup parsing with UFED Physical Analyzer
iOS backup parsing with BlackLight
iOS physical dump and backup parsing with Oxygen Forensic
iOS backup parsing with Belkasoft Evidence Center
iOS backup parsing with AXIOM
iOS backup parsing with Encase Forensic
iOS backup parsing with Elcomsoft Phone Viewer
Thumbnail analysis with iThmb Converter
10
Windows Phone and BlackBerry Forensics
Windows Phone and BlackBerry Forensics
Introduction
BlackBerry backup parsing with Elcomsoft Blackberry Backup Explorer Pro
BlackBerry backup parsing with Oxygen Forensic
Windows Phone physical dump and backup parsing with Oxygen Forensic
Windows Phone physical dump parsing with UFED Physical Analyzer
11
JTAG and Chip-off Techniques
JTAG and Chip-off Techniques
Introduction
A sample Android device JTAG
A sample Android device chip-off
A sample Windows Phone device JTAG
A sample iPhone device chip-off

iOS physical dump and backup parsing with Oxygen Forensic

The Oxygen Forensic program has already been described in Chapter 1, SIM Cards Acquisition and Analysis. In this recipe, we will show how to analyze an iTunes backup via Oxygen Forensic.

How to do it…

  1. In order to import data from an iTunes backup, click the arrow to the right of the Import file button on the Oxygen Forensic toolbar. In the drop-down menu, go to Import Apple backup/image and then Import iTunes backup ....

Selection of the data import type

  1. In the opened window, specify the path to the backup copy. Select the Manifest.plist file and click the Open file.
  1. In the new window, fill in the details of the case, such as Case number, Evidence number, Place, Incident number, Backup password (optional), Inspector, Device owner, Owner email, and so on. If you need to recover deleted data, tick Search and recover deleted data from applications. The process of data restoration will take additional time. Click the Next button:

Window of...

Previous Section
End of Section 6
Next Section