iOS Forensics for Investigators

By: Gianluca Tiepolo

Overview of this book

Professionals working in the mobile forensics industry will be able to put their knowledge to work with this practical guide to learning how to extract and analyze all available data from an iOS device. This book is a comprehensive, how-to guide that leads investigators through the process of collecting mobile devices and preserving, extracting, and analyzing data, as well as building a report. Complete with step-by-step explanations of essential concepts, practical examples, and self-assessment questions, this book starts by covering the fundamentals of mobile forensics and how to overcome challenges in extracting data from iOS devices. Once you've walked through the basics of iOS, you'll learn how to use commercial tools to extract and process data and manually search for artifacts stored in database files. Next, you'll find out the correct workflows for handling iOS devices and understand how to extract valuable information to track device usage. You'll also get to grips with analyzing key artifacts, such as browser history, pattern-of-life data, location data, and social network data. By the end of this book, you'll be able to establish a proper workflow for handling iOS devices, extracting all available data, and analyzing it to gather precious insights that can be reported as prosecutable evidence.
Table of Contents (17 chapters)

Section 1 – Data Acquisition from iOS Devices
Section 2 – iOS Data Analysis
Section 3 – Reporting

What this book covers

This book starts with an overview of mobile forensics and what you should know about it. The first section goes over the forensic process and discusses different options to acquire data from iOS devices. The second section describes approaches and best practices to analyze the data, such as manually parsing through the artifacts. This section also covers the most popular forensic tools that are used in an examination. The final section of the book discusses how to build a timeline and best practices for the creation of a forensic report.

Chapter 1, Introducing iOS Forensics, introduces the topic of mobile forensics by describing the forensic process and the iOS operating system.

Chapter 2, Data Acquisition from iOS Devices, describes all available options to successfully acquire the data from an iOS device. We'll discuss logical, physical, and filesystem acquisitions, and much more, such as agent-based extractions.

Chapter 3, Using Forensic Tools, describes why forensic tools are important and how an investigator can benefit by using them. The chapter takes an in-depth look at some of the most popular tools, such as Cellebrite Physical Analyzer and Magnet AXIOM.

Chapter 4, Working with Common iOS Artifacts, introduces common artifacts that can be found on iOS devices, such as SQLite databases and property lists. We'll learn how to identify these artifacts, where to find them, and how to analyze them.

Chapter 5, Pattern-of-Life Forensics, focuses on artifacts that can help an investigator understand a user's day-to-day activities, such as what apps were used and for how long.

Chapter 6, Dissecting Location Data, is all about extracting, analyzing, and understanding location-related artifacts.

Chapter 7, Analyzing Connectivity Data, discusses cellular forensics, networking data, Bluetooth and Wi-Fi artifacts, and browsing history.

Chapter 8, Email and Messaging Forensics, describes different email clients and messaging applications and how to analyze their data.

Chapter 9, Photo, Video, and Audio Forensics, dives deep into multimedia forensics.

Chapter 10, Analyzing Third-Party Apps, introduces third-party applications. You will learn how to analyze any kind of application and how to quickly locate artifacts from the most popular iOS apps.

Chapter 11, Locked Devices, iTunes Backups, and Cloud Forensics, discusses more advanced topics, such as working with locked devices and extracting forensic data from iCloud.

Chapter 12, Writing a Forensic Report and Building a Timeline, puts together all the knowledge acquired in the previous chapters by teaching you how to produce a comprehensive timeline report.