Book Image

Mobile Forensics ??? Advanced Investigative Strategies

By : Afonin, Katalov
Book Image

Mobile Forensics ??? Advanced Investigative Strategies

By: Afonin, Katalov

Overview of this book

Investigating digital media is impossible without forensic tools. Dealing with complex forensic problems requires the use of dedicated tools, and even more importantly, the right strategies. In this book, you’ll learn strategies and methods to deal with information stored on smartphones and tablets and see how to put the right tools to work. We begin by helping you understand the concept of mobile devices as a source of valuable evidence. Throughout this book, you will explore strategies and "plays" and decide when to use each technique. We cover important techniques such as seizing techniques to shield the device, and acquisition techniques including physical acquisition (via a USB connection), logical acquisition via data backups, over-the-air acquisition. We also explore cloud analysis, evidence discovery and data analysis, tools for mobile forensics, and tools to help you discover and analyze evidence. By the end of the book, you will have a better understanding of the tools and methods used to deal with the challenges of acquiring, preserving, and extracting evidence stored on smartphones, tablets, and the cloud.
Table of Contents (12 chapters)

Acquiring Windows Phone backups over the air


Elcomsoft Phone Breaker allows downloading Windows Phone data backed up in the cloud under the user's Microsoft account (provided that you know the user's Microsoft account login and password).

To download Windows Phone data from Microsoft OneDrive, perform the following steps:

  1. In the Tools menu, select the Microsoft tab, and click on Download Windows Phone data:

  2. Define the User name and Password for the Microsoft account that was used for backing the data up. Toggle the view button to display or hide the password:

  3. Select a location for saving data downloaded from the Microsoft account.

    • Click on Change user to access data stored under a different Microsoft account

    • Click on Download to start downloading data:

  4. The download process begins. You can view the number of processed files and the number of errors received during decryption:

  5. When the decryption is finished, you can view the backup in the location on the local computer to which it was saved...