Book Image

Mastering Mobile Forensics

By : Soufiane Tahiri
Book Image

Mastering Mobile Forensics

By: Soufiane Tahiri

Overview of this book

Mobile forensics presents a real challenge to the forensic community due to the fast and unstoppable changes in technology. This book aims to provide the forensic community an in-depth insight into mobile forensic techniques when it comes to deal with recent smartphones operating systems Starting with a brief overview of forensic strategies and investigation procedures, you will understand the concepts of file carving, GPS analysis, and string analyzing. You will also see the difference between encryption, encoding, and hashing methods and get to grips with the fundamentals of reverse code engineering. Next, the book will walk you through the iOS, Android and Windows Phone architectures and filesystem, followed by showing you various forensic approaches and data gathering techniques. You will also explore advanced forensic techniques and find out how to deal with third-applications using case studies. The book will help you master data acquisition on Windows Phone 8. By the end of this book, you will be acquainted with best practices and the different models used in mobile forensics.
Table of Contents (14 chapters)
Mastering Mobile Forensics
About the Author
About the Reviewer
Preparing a Mobile Forensic Workstation


In this chapter, we discussed some of the iOS internals including an overview of the iOS architecture and filesystem, we went through iOS platform and hardware security and also different boot modes. In this chapter, we introduced major methods of acquiring an iOS device normal, logical, and physical acquisitions and how to deal with some free and commercial forensic tools; this chapter also showed the data and how this data is stored within an iDevice. In this chapter, we also explained how iTunes backups are made, how lockdown certificates and property files are important, and how to gather data from unencrypted backups and then how to crack password protected backups. We also pointed to the fact that even if you cannot crack a password protected backup you are still able to know its actual content by inspecting property list files and Manifest.mbdb. We also had a look at the biometric aspect of new iDevices.

We illustrated how to approach the forensic analysis of the well-known...