Book Image

Mastering Mobile Forensics

By : Soufiane Tahiri
Book Image

Mastering Mobile Forensics

By: Soufiane Tahiri

Overview of this book

Mobile forensics presents a real challenge to the forensic community due to the fast and unstoppable changes in technology. This book aims to provide the forensic community an in-depth insight into mobile forensic techniques when it comes to deal with recent smartphones operating systems Starting with a brief overview of forensic strategies and investigation procedures, you will understand the concepts of file carving, GPS analysis, and string analyzing. You will also see the difference between encryption, encoding, and hashing methods and get to grips with the fundamentals of reverse code engineering. Next, the book will walk you through the iOS, Android and Windows Phone architectures and filesystem, followed by showing you various forensic approaches and data gathering techniques. You will also explore advanced forensic techniques and find out how to deal with third-applications using case studies. The book will help you master data acquisition on Windows Phone 8. By the end of this book, you will be acquainted with best practices and the different models used in mobile forensics.
Table of Contents (14 chapters)
Mastering Mobile Forensics
About the Author
About the Reviewer
Preparing a Mobile Forensic Workstation

Windows Phone 8 internals

Based on the Windows NT kernel, Windows Phone 8.x uses the Core System to boot, manage hardware, authenticate, and communicate on networks. The Core System is a minimal Windows system that contains low-level security features and is supplemented by a set of Windows Phone-specific binaries from Mobile Core to handle phone-specific tasks; this makes it the only distinct architectural entity (from desktop-based Windows) in Windows Phone. The following is an abstract representation of the Windows 8 and Windows Phone 8.x layers:


Windows contains the same components as Mobile Core, but they are part of a larger set of functionality.

Windows and Windows Phone are completely aligned at the Windows Core System and run exactly the same code at this level. The shared core actually consists of the Windows Core System and Mobile Core where the APIs are the same, but the code at the backend has been changed to serve mobile needs.

As most mobile operating systems, Windows Phone...