E-book
Practical mobile forensics : forensically investigate and analyze iOS, Android, and Windows 10 devices / Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty.
Covering up-to-date mobile platforms, this book focuses on teaching you the most recent tools and techniques for investigating mobile devices. Readers will delve into a variety of mobile forensics techniques for iOS 11-13, Android 8-10 devices, and Windows 10.
Record details
- ISBN: 1838644423
- ISBN: 9781838644420
- Physical Description: 1 online resource
- Edition: Fourth edition.
- Publisher: Birmingham, UK : Packt Publishing, 2020.
Content descriptions
| Formatted Contents Note: | Cover -- Title Page -- Copyright and Credits -- About Packt -- Contributors -- Table of Contents -- Preface -- Chapter 01: Introduction to Mobile Forensics -- The need for mobile forensics -- Understanding mobile forensics -- Challenges in mobile forensics -- The mobile phone evidence extraction process -- The evidence intake phase -- The identification phase -- The legal authority -- Data that needs to be extracted -- The make, model, and identifying information for the device -- Data storage media -- Other sources of potential evidence -- The preparation phase -- The isolation phase The processing phase -- The verification phase -- The documenting and reporting phase -- The archiving phase -- Practical mobile forensic approaches -- Understanding mobile operating systems -- Android -- iOS -- Windows Phone -- Mobile forensic tool leveling system -- Manual extraction -- Logical analysis -- Hex dump -- Chip-off -- Micro read -- Data acquisition methods -- Physical acquisition -- Logical acquisition -- Manual acquisition -- Potential evidence stored on mobile phones -- Examination and analysis -- Rules of evidence -- Good forensic practices -- Securing the evidence Preserving the evidence -- Documenting the evidence and changes -- Reporting -- Summary -- Section 1: iOS Forensics -- Chapter 02: Understanding the Internals of iOS Devices -- iPhone models and hardware -- Identifying the correct hardware model -- Understanding the iPhone hardware -- iPad models and hardware -- Understanding the iPad hardware -- The HFS Plus and APFS filesystems -- The HFS Plus filesystem -- The HFS Plus volume -- The APFS filesystem -- The APFS structure -- Disk layout -- The iPhone OS -- The iOS architecture -- iOS security -- Passcodes, Touch ID, and Face ID -- Code signing Sandboxing -- Encryption -- Data protection -- Address Space Layout Randomization (ASLR) -- Privilege separation -- Stack-smashing protection -- Data Execution Prevention (DEP) -- Data wiping -- Activation Lock -- The App Store -- Jailbreaking -- Summary -- Chapter 03: Data Acquisition from iOS Devices -- Operating modes of iOS devices -- Normal mode -- Recovery mode -- DFU mode -- Setting up the forensic environment -- Password protection and potential bypasses -- Logical acquisition -- Practical logical acquisition with libimobiledevice Practical logical acquisition with the Belkasoft Acquisition Tool -- Practical logical acquisition with Magnet ACQUIRE -- Filesystem acquisition -- Practical jailbreaking -- Practical filesystem acquisition with free tools -- Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit -- Summary -- Chapter 04: Data Acquisition from iOS Backups -- Working with iTunes backups -- Creating and analyzing backups with iTunes -- Understanding the backup structure -- info.plist -- manifest.plist -- status.plist -- manifest.db -- Extracting unencrypted backups -- iBackup Viewer -- iExplorer |
