Book Image

Mobile Forensics ??? Advanced Investigative Strategies

By : Oleg Afonin, Vladimir Katalov
Book Image

Mobile Forensics ??? Advanced Investigative Strategies

By: Oleg Afonin, Vladimir Katalov

Overview of this book

Investigating digital media is impossible without forensic tools. Dealing with complex forensic problems requires the use of dedicated tools, and even more importantly, the right strategies. In this book, you’ll learn strategies and methods to deal with information stored on smartphones and tablets and see how to put the right tools to work. We begin by helping you understand the concept of mobile devices as a source of valuable evidence. Throughout this book, you will explore strategies and "plays" and decide when to use each technique. We cover important techniques such as seizing techniques to shield the device, and acquisition techniques including physical acquisition (via a USB connection), logical acquisition via data backups, over-the-air acquisition. We also explore cloud analysis, evidence discovery and data analysis, tools for mobile forensics, and tools to help you discover and analyze evidence. By the end of the book, you will have a better understanding of the tools and methods used to deal with the challenges of acquiring, preserving, and extracting evidence stored on smartphones, tablets, and the cloud.

Related Content you might be interested in

Current Title:

Small book image
Mobile Forensics ??? Advanced Investigative Strategies
Oleg Afonin | Vladimir Katalov
Sep, 2016 | 412 pages
No titles found
Table of Contents (18 chapters)
Mobile Forensics – Advanced Investigative Strategies
Mobile Forensics – Advanced Investigative Strategies
Credits
Credits
Foreword
Foreword
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introducing Mobile Forensics
Introducing Mobile Forensics
Why we need mobile forensics
Available information
Stages of mobile forensics
Summary
2
Acquisition Methods Overview
Acquisition Methods Overview
Over-the-air acquisition
Logical acquisition (backup analysis)
Physical acquisition
JTAG
Chip-off
In-system programming
Summary
3
Acquisition – Approaching Android Devices
Acquisition – Approaching Android Devices
Android platform fragmentation
AOSP, GMS, and their forensic implications
Summary
4
Practical Steps to Android Acquisition
Practical Steps to Android Acquisition
Android physical acquisition
Approaching physical acquisition
Live imaging
Google Account acquisition – over-the-air
Summary
5
iOS – Introduction and Physical Acquisition
iOS – Introduction and Physical Acquisition
iOS forensics – introduction
Tutorial – physical acquisition with Elcomsoft iOS Forensic Toolkit
Summary
6
iOS Logical and Cloud Acquisition
iOS Logical and Cloud Acquisition
Understanding backups - local, cloud, encrypted and unencrypted
Encrypted versus unencrypted iTunes backups
Breaking backup passwords
A fast CPU and a faster video card
Knowing the user helps breaking the password
Tutorial - logical acquisition with Elcomsoft Phone Breaker
Elcomsoft Phone Breaker on a Mac, inside a virtual PC, or via RDP
iOS Cloud forensics - over-the-air acquisition
Tutorial - cloud acquisition with Elcomsoft Phone Breaker
Downloading iCloud/iCloud Drive backups - using authentication tokens
Extracting authentication tokens
Two-factor authentication
What next?
Summary
7
Acquisition – Approaching Windows Phone and Windows 10 Mobile
Acquisition – Approaching Windows Phone and Windows 10 Mobile
Windows Phone security model
Windows Phone physical acquisition
JTAG forensics on Windows Phone 8.x and Windows 10 Mobile
Windows Phone 8/8.1 and Windows 10 Mobile cloud forensics
Acquiring Windows Phone backups over the air
Summary
8
Acquisition – Approaching Windows 8, 8.1, 10, and RT Tablets
Acquisition – Approaching Windows 8, 8.1, 10, and RT Tablets
Windows 8, 8.1, 10, and RT on portable touchscreen devices
Acquisition of Windows tablets
Imaging Built-in eMMC Storage
Booting Windows tablets from recovery media
Acquiring a BitLocker encryption key
Imaging Windows RT tablets
Cloud Acquisition
Summary
9
Acquisition – Approaching BlackBerry
Acquisition – Approaching BlackBerry
The history of the BlackBerry OS - BlackBerry 1.0-7.1
Acquiring BlackBerry 10
Analyzing BlackBerry backups
Summary
10
Dealing with Issues, Obstacles, and Special Cases
Dealing with Issues, Obstacles, and Special Cases
Cloud acquisition and two-factor authentication
Unallocated space
Accessing destroyed evidence in different mobile platforms
Windows Phone 8 and 8.1 – possible for end-user devices with limitations
Windows RT, Windows 8/8.1, and Windows 10
eMMC and deleted data
SD cards
SQLite databases (access to call logs, browsing history, and many more)
Summary
11
Mobile Forensic Tools and Case Studies
Mobile Forensic Tools and Case Studies
Cellebrite
Micro Systemation AB
AccessData
Oxygen Forensic toolkit
Magnet ACQUIRE
BlackBag Mobilyze
ElcomSoft tools
Case studies
BlackBerry scenarios
Summary

Chapter 1. Introducing Mobile Forensics

Today's smartphones are used less for calling and more for socializing; this has resulted in smartphones holding a lot of sensitive data about their users. Mobile devices keep the user's contacts from a variety of sources (including the phone, social networks, instant messaging, and communication applications), information about phone calls, sent and received text messages, and e-mails and attachments. There are also browser logs and cached geolocation information; pictures and videos taken with the phone's camera; passwords to cloud services, forums, social networks, online portals, and shopping websites; stored payment data; and a lot of other information that can be vital for an investigation.

Needless to say, this information is very important for corporate and forensic investigations. In this book, we'll discuss not only how to gain access to all this data, but also what type of data may be available in each particular case.

Tablets are no longer used solely as entertainment devices. Equipped with powerful processors and plenty of storage, even the smallest tablets are capable of running full Windows, complete with the Office suite. While not as popular as smartphones, tablets are still widely used to socialize, communicate, plan events, and book trips.

Some smartphones are equipped with screens as large as 6.4 inches, while many tablets come with the ability to make voice calls over cellular network. All this makes it difficult to draw a line between a phone (or phablet) and a tablet.

Every smartphone on the market has a camera that, unlike a bigger (and possibly better) camera, is always accessible. As a result, an average smartphone contains more photos and videos than a dedicated camera, sometimes, gigabytes of images and video clips.

Smartphones are also storage devices. They can be used (and are used) to keep, carry, and exchange information. Smartphones connected to a corporate network may have access to files and documents not meant to be exposed. Uncontrolled access to corporate networks from employees' smartphones can (and does) cause leaks of highly-sensitive information. Employees come and go. With many companies allowing or even encouraging bring your own device policies, controlling the data that is accessible to those connecting to a corporate network is essential.

Previous Section
End of Section 1
Next Section