Practical Mobile Forensics - Fourth Edition

By : Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

5 (1)

Buy this Book

Practical Mobile Forensics - Fourth Edition

5 (1)

By: Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

Buy this Book

Overview of this book

Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This updated fourth edition of Practical Mobile Forensics delves into the concepts of mobile forensics and its importance in today's world. The book focuses on teaching you the latest forensic techniques to investigate mobile devices across various mobile platforms. You will learn forensic techniques for multiple OS versions, including iOS 11 to iOS 13, Android 8 to Android 10, and Windows 10. The book then takes you through the latest open source and commercial mobile forensic tools, enabling you to analyze and retrieve data effectively. From inspecting the device and retrieving data from the cloud, through to successfully documenting reports of your investigations, you'll explore new techniques while building on your practical knowledge. Toward the end, you will understand the reverse engineering of applications and ways to identify malware. Finally, the book guides you through parsing popular third-party applications, including Facebook and WhatsApp. By the end of this book, you will be proficient in various mobile forensic techniques to analyze and extract data from mobile devices with the help of open source solutions.

Preface

Who this book is for

What this book covers

To get the most out of this book

Disclaimer

Get in touch

Introduction to Mobile Forensics

The need for mobile forensics

Understanding mobile forensics

Challenges in mobile forensics

The mobile phone evidence extraction process

Practical mobile forensic approaches

Potential evidence stored on mobile phones

Examination and analysis

Rules of evidence

Good forensic practices

Summary

Free Chapter

Section 1: iOS Forensics

Understanding the Internals of iOS Devices

iPhone models and hardware

iPad models and hardware

The HFS Plus and APFS filesystems

The iPhone OS

Summary

Data Acquisition from iOS Devices

Operating modes of iOS devices

Password protection and potential bypasses

Logical acquisition

Filesystem acquisition

Summary

Data Acquisition from iOS Backups

Working with iTunes backups

Creating and analyzing backups with iTunes

Extracting unencrypted backups

Handling encrypted backup files

Working with iCloud backups

Summary

iOS Data Analysis and Recovery

Interpreting iOS timestamps

Working with SQLite databases

Key artifacts – important iOS database files

Property lists

Other important files

Recovering deleted SQLite records

Summary

iOS Forensic Tools

Working with Cellebrite UFED Physical Analyzer

Working with Magnet AXIOM

Working with Belkasoft Evidence Center

Working with Elcomsoft Phone Viewer

Summary

Section 2: Android Forensics

Understanding Android

The evolution of Android

The Android architecture

Android security

The Android file hierarchy

The Android filesystem

Summary

Android Forensic Setup and Pre-Data Extraction Techniques

Setting up a forensic environment for Android

Connecting an Android device to a workstation

Screen lock bypassing techniques

Gaining root access

Summary

Android Data Extraction Techniques

Understanding data extraction techniques

Manual data extraction

Logical data extraction

Physical data extraction

Summary

Android Data Analysis and Recovery

Analyzing and extracting data from Android image files using the Autopsy tool

Understanding techniques to recover deleted files from the SD card and the internal memory

Summary

Android App Analysis, Malware, and Reverse Engineering

Analyzing widely used Android apps to retrieve valuable data

Techniques to reverse engineer an Android application

Android malware

Summary

Section 3: Windows Forensics and Third-Party Apps

Windows Phone Forensics

Windows Phone OS

Windows 10 Mobile security model

Windows Phone filesystem

Data acquisition

Commercial forensic tool acquisition methods

Extracting data without the use of commercial tools

Key artifacts for examination

Summary

Parsing Third-Party Application Files

Introduction to third-party applications

iOS, Android, and Windows Phone application data storage

Forensic methods used to extract third-party application data

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 (1)

5 star

100%

4 star

3 star

2 star

1 star

Recovering deleted SQLite records

SQLite databases store the deleted records within the database itself, so it is possible to recover deleted data, such as contacts, SMS messages, calendars, notes, email, voicemail, and more by parsing the corresponding SQLite database. If an SQLite database is vacuumed or defragmented, the likelihood of recovering the deleted data is minimal. The amount of cleanup that these databases require relies heavily on the iOS version, the device, and the user's settings on the device.

A SQLite database file comprises one or more fixed-size pages, which are used just once. SQLite uses a B-tree layout of pages to store indices and table content. Detailed information on the B-tree layout can be found at https://github.com/NotionalLabs/SQLiteZer/blob/master/_resources/Sqlite_carving_extractAndroidData.pdf.

Commercial forensic tools provide support to...

Practical Mobile Forensics - Fourth Edition

By : Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

Practical Mobile Forensics - Fourth Edition

By: Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

Overview of this book

Related Content you might be interested in

Current Title:

Practical Mobile Forensics - Fourth Edition

Learning Android Forensics

iOS Forensics for Investigators

Mobile Forensics Cookbook