Book Image

iOS Forensics for Investigators

By : Gianluca Tiepolo
5 (1)
Book Image

iOS Forensics for Investigators

5 (1)
By: Gianluca Tiepolo

Overview of this book

Professionals working in the mobile forensics industry will be able to put their knowledge to work with this practical guide to learning how to extract and analyze all available data from an iOS device. This book is a comprehensive, how-to guide that leads investigators through the process of collecting mobile devices and preserving, extracting, and analyzing data, as well as building a report. Complete with step-by-step explanations of essential concepts, practical examples, and self-assessment questions, this book starts by covering the fundamentals of mobile forensics and how to overcome challenges in extracting data from iOS devices. Once you've walked through the basics of iOS, you’ll learn how to use commercial tools to extract and process data and manually search for artifacts stored in database files. Next, you'll find out the correct workflows for handling iOS devices and understand how to extract valuable information to track device usage. You’ll also get to grips with analyzing key artifacts, such as browser history, the pattern of life data, location data, and social network forensics. By the end of this book, you'll be able to establish a proper workflow for handling iOS devices, extracting all available data, and analyzing it to gather precious insights that can be reported as prosecutable evidence.

Related Content you might be interested in

Current Title:

Small book image
iOS Forensics for Investigators
Gianluca Tiepolo
May, 2022 | 316 pages
Small book image
Practical Mobile Forensics
Heather Mahalik | Rohit Tamma | Oleg Skulkin | Satish Bommisetty
Apr, 2020 | 400 pages
Small book image
Practical Mobile Forensics
Heather Mahalik | Rohit Tamma | Oleg Skulkin | Satish Bommisetty
Jan, 2018 | 402 pages
Small book image
Mobile Forensics Cookbook
Igor Mikhaylov
Dec, 2017 | 302 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Disclaimer
Get in touch
Share Your Thoughts
1
Section 1 – Data Acquisition from iOS Devices
Section 1 – Data Acquisition from iOS Devices
Free Chapter
2
Chapter 1: Introducing iOS Forensics
Chapter 1: Introducing iOS Forensics
Understanding mobile forensics
Dissecting the iOS operating system
Understanding iOS security
Establishing a workflow
Summary
3
Chapter 2: Data Acquisition from iOS Devices
Chapter 2: Data Acquisition from iOS Devices
Understanding acquisition methods
Jailbreaking the device
Triaging the device
Performing a logical acquisition
Performing a filesystem acquisition
Summary
4
Section 2 – iOS Data Analysis
Section 2 – iOS Data Analysis
5
Chapter 3: Using Forensic Tools
Chapter 3: Using Forensic Tools
Understanding forensic tools
Working with Cellebrite Physical Analyzer
Working with Magnet AXIOM
Using open source tools
Summary
6
Chapter 4: Working with Common iOS Artifacts
Chapter 4: Working with Common iOS Artifacts
Understanding the importance of validation
Working with iOS artifacts
Locating common artifacts
Summary
7
Chapter 5: Pattern-of-Life Forensics
Chapter 5: Pattern-of-Life Forensics
Introducing pattern-of-life forensics
Working with timestamps
Logs, events, and user interaction
Introducing Apollo
Summary
8
Chapter 6: Dissecting Location Data
Chapter 6: Dissecting Location Data
Introducing location data
GPS fixes, cell towers, and Wi-Fi networks
Locating location artifacts
Analyzing location data using forensic tools
Summary
9
Chapter 7: Analyzing Connectivity Data
Chapter 7: Analyzing Connectivity Data
Introducing cellular forensics
Analyzing networking data
Introducing Bluetooth forensics
Understanding Safari forensics
Summary
10
Chapter 8: Email and Messaging Forensics
Chapter 8: Email and Messaging Forensics
Introducing email forensics
Understanding messaging forensics
Introducing third-party messaging apps
Recovering deleted messages
Summary
11
Chapter 9: Photo, Video, and Audio Forensics
Chapter 9: Photo, Video, and Audio Forensics
Introducing media forensics
Analyzing photos and videos
Introducing EXIF metadata
Analyzing user viewing activity
Summary
12
Chapter 10: Analyzing Third-Party Apps
Chapter 10: Analyzing Third-Party Apps
Introducing iOS applications
Dynamic application analysis
Practical third-party applications forensics
Summary
13
Chapter 11: Locked Devices, iTunes Backups, and iCloud Forensics
Chapter 11: Locked Devices, iTunes Backups, and iCloud Forensics
Acquiring locked devices
BFU acquisition of locked devices
Introducing iTunes backups
Introducing iCloud forensics
Summary
14
Section 3 – Reporting
Section 3 – Reporting
15
Chapter 12: Writing a Forensic Report and Building a Timeline
Chapter 12: Writing a Forensic Report and Building a Timeline
Mobile forensics reporting
Creating reports using Cellebrite Physical Analyzer
Introducing timelines
Building a timeline with Magnet AXIOM
Summary
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Chapter 1: Introducing iOS Forensics

Over the past decade, smartphones have undergone a profound revolution, impacting our lives in all possible ways: our devices are no longer just smart phones – they have become data hubs that store all kinds of information from our digital (and not so digital) life.

Today, from the palm of our hand, we can surf the web, buy theater tickets, get food delivered to our door, or call an Uber. We're using our devices to read eBooks, take notes, engage in creative tasks, and share our lives with our followers through social media. We have progressively replaced our digital cameras with our iPhone camera roll. Smartphones can keep track of physical activity, interact with external devices, give us directions, and remind us of that important meeting that we might forget. We use productivity apps to get stuff done and we make payments using Apple Pay. And – of course – we use our iPhones to get in touch with people on the other side of the world. With the massive spread of iPads and tablets in general, our devices are no longer just communication devices. They have become an almost unlimited content platform where we can enjoy movies, TV series, or simply listen to our favorite music.

To be able to provide these amazing features, mobile devices collect huge amounts of data that is processed by iOS and sometimes synced to iCloud. This information documents and reveals the thoughts and activity of a user substantially more than any data stored in any desktop computer.

Mobile forensics is all about collecting this data, preserving it, assessing it, validating it, and extracting meaningful insights that can be presented as evidence.

In this chapter, we will cover the following topics:

  • Understanding mobile forensics
  • Dissecting the iOS operating system
  • Understanding iOS security
  • Establishing a workflow
Previous Section
End of Section 1
Next Section