Book Image

Mastering Mobile Forensics

By : Soufiane Tahiri
Book Image

Mastering Mobile Forensics

By: Soufiane Tahiri

Overview of this book

Mobile forensics presents a real challenge to the forensic community due to the fast and unstoppable changes in technology. This book aims to provide the forensic community an in-depth insight into mobile forensic techniques when it comes to deal with recent smartphones operating systems Starting with a brief overview of forensic strategies and investigation procedures, you will understand the concepts of file carving, GPS analysis, and string analyzing. You will also see the difference between encryption, encoding, and hashing methods and get to grips with the fundamentals of reverse code engineering. Next, the book will walk you through the iOS, Android and Windows Phone architectures and filesystem, followed by showing you various forensic approaches and data gathering techniques. You will also explore advanced forensic techniques and find out how to deal with third-applications using case studies. The book will help you master data acquisition on Windows Phone 8. By the end of this book, you will be acquainted with best practices and the different models used in mobile forensics.
Table of Contents (14 chapters)
Mastering Mobile Forensics
Credits
About the Author
About the Reviewer
www.PacktPub.com
Preface
Preparing a Mobile Forensic Workstation
Index

JTAG and physical acquisition


Currently, the Windows Phone 8+ devices are physical acquisition resistant and most (if not all) forensic tools cannot achieve it. However, Cellebrite claims on their website that their UFED is the first in the industry to support the physical extraction and decoding of Windows Phone devices running OS versions 8.0 and 8.1, including HTC Pro, HTC HD2 T9193, Xperia X1, Nokia Lumia 520, and LG GM750 (http://www.cellebrite.com/Pages/windows-phone-forensics-physical-extraction-and-decoding-from-windows-phone-devices). This said, the test (conducted by the Computer Forensic Tool Testing Program of the National Institute of Standards and Technology) results of data acquisition using UFED 4PC v4.2.6.5 and Physical Analyzer v4.2.6.4 for Nokia Lumia 920 and HTC PM23300 running Windows Phone 8.0 show that only extremely limited data was acquired: no SMS messages, application data, Internet data, or social media data (including Facebook, Twitter, and LinkedIn) were extracted...