Mastering Mobile Forensics

Mastering Mobile Forensics

By : Soufiane Tahiri

Buy this Book

Mastering Mobile Forensics

By: Soufiane Tahiri

Buy this Book

Overview of this book

Mobile forensics presents a real challenge to the forensic community due to the fast and unstoppable changes in technology. This book aims to provide the forensic community an in-depth insight into mobile forensic techniques when it comes to deal with recent smartphones operating systems Starting with a brief overview of forensic strategies and investigation procedures, you will understand the concepts of file carving, GPS analysis, and string analyzing. You will also see the difference between encryption, encoding, and hashing methods and get to grips with the fundamentals of reverse code engineering. Next, the book will walk you through the iOS, Android and Windows Phone architectures and filesystem, followed by showing you various forensic approaches and data gathering techniques. You will also explore advanced forensic techniques and find out how to deal with third-applications using case studies. The book will help you master data acquisition on Windows Phone 8. By the end of this book, you will be acquainted with best practices and the different models used in mobile forensics.

Mastering Mobile Forensics

Credits

About the Author

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Mobile Forensics and the Investigation Process Model

Why mobile forensics?

Smartphone forensics models

Smartphone forensics challenges

Summary

Do It Yourself – Low-Level Techniques

Getting acquainted with file carving

Extracting metadata – GPS analysis

String dump and analysis

Encryption versus encoding versus hashing

Decompiling and disassembling

Summary

iDevices from a Forensic Point of View

The iOS architecture

The iOS filesystem

iOS platform and hardware security

Identifying stored data

iOS acquisition and forensic approaches

It's going biometric!

Third-party applications

Summary

Android Forensics

Android OS – all you need to know

Android security model

Bypassing security

Android logical data acquisition

Android physical data acquisition

JTAG and chip-off forensic examinations

Third-party applications and a real case study

Summary

Windows Phone 8 Forensics

Windows Phone 7 versus Windows Phone 8

Windows Phone 8 internals

Windows phone 8 security models

Windows Phone logical acquisition

JTAG and physical acquisition

Artifact location and user PIN study

Summary

Mobile Forensics – Best Practices

Presenting a mobile forensics process

Mobile device identification

Summary

Preparing a Mobile Forensic Workstation

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Artifact location and user PIN study

In this section, we will look for the location of some of the evidence generated by a Windows Phone 8+ device. Usually, in a forensics investigation process, SMS/MMS messages are some of the most looked-for evidence. Windows Phone 8.x stores MMS data at %DataDrive%:\SharedData\Comms\Unistore\data\ as .dat files under subdirectories named 0 to +99 with more subdirectories named a to p.

The following is a picture contained within a received MMS:

The SMS and contact information (including synced contacts from LinkedIn, Facebook, and Twitter) data is stored under the %DataDrive%:\Users\WPCOMMSERVICES\APPDATA\Local\Unistore\ directory as a store.vol file, which is an ESE database:

The database is simply a huge repository of evidence and contains more than 54 tables (Activity, Appointment, EmailMetadata, EmailRecipientInfo, and so on). You can explore it using the ESEDatabaseView downloadable from http://www.nirsoft.net/utils/ese_database_view.html. This utility...

Mastering Mobile Forensics

By : Soufiane Tahiri

Mastering Mobile Forensics

By: Soufiane Tahiri

Overview of this book

Related Content you might be interested in

Current Title:

Mastering Mobile Forensics

Artifact location and user PIN study