Practical Mobile Forensics
eBook - ePub

Practical Mobile Forensics

Forensically investigate and analyze iOS, Android, and Windows 10 devices, 4th Edition

Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

  1. 400 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS and Android

About this book

Become well-versed with forensics for the Android, iOS, and Windows 10 mobile platforms by learning essential techniques and exploring real-life scenarios

Key Features

  • Apply advanced forensic techniques to recover deleted data from mobile devices
  • Retrieve and analyze data stored not only on mobile devices but also on the cloud and other connected mediums
  • Use the power of mobile forensics on popular mobile platforms by exploring different tips, tricks, and techniques

Book Description

Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This updated fourth edition of Practical Mobile Forensics delves into the concepts of mobile forensics and its importance in today's world.

The book focuses on teaching you the latest forensic techniques to investigate mobile devices across various mobile platforms. You will learn forensic techniques for multiple OS versions, including iOS 11 to iOS 13, Android 8 to Android 10, and Windows 10. The book then takes you through the latest open source and commercial mobile forensic tools, enabling you to analyze and retrieve data effectively. From inspecting the device and retrieving data from the cloud, through to successfully documenting reports of your investigations, you'll explore new techniques while building on your practical knowledge. Toward the end, you will understand the reverse engineering of applications and ways to identify malware. Finally, the book guides you through parsing popular third-party applications, including Facebook and WhatsApp.

By the end of this book, you will be proficient in various mobile forensic techniques to analyze and extract data from mobile devices with the help of open source solutions.

What you will learn

  • Discover new data extraction, data recovery, and reverse engineering techniques in mobile forensics
  • Understand iOS, Windows, and Android security mechanisms
  • Identify sensitive files on every mobile platform
  • Extract data from iOS, Android, and Windows platforms
  • Understand malware analysis, reverse engineering, and data analysis of mobile devices
  • Explore various data recovery techniques on all three mobile platforms

Who this book is for

This book is for forensic examiners with basic experience in mobile forensics or open source solutions for mobile forensics. Computer security professionals, researchers or anyone looking to gain a deeper understanding of mobile internals will also find this book useful. Some understanding of digital forensic practices will be helpful to grasp the concepts covered in the book more effectively.


Information

Year
2020
ISBN
9781838644420
Edition
4

Section 1: iOS Forensics

This section will provide you with an overview of iOS devices such as iPhones and iPads, as well as an overview of the operating systems and filesystems they run. You will learn about the different types of forensic acquisition methods, including logical acquisition and filesystem acquisition, the process of jailbreaking, performing forensic analysis on the most common artifact sources, and how to work with popular mobile forensic software.
This section will consist of the following chapters:
  • Chapter 2, Understanding the Internals of iOS Devices
  • Chapter 3, Data Acquisition from iOS Devices
  • Chapter 4, Data Acquisition from iOS Backups
  • Chapter 5, iOS Data Analysis and Recovery
  • Chapter 6, iOS Forensic Tools

Understanding the Internals of iOS Devices

According to Apple, there were 1.4 billion active Apple devices in 2019, 900 million of which were running on iOS. While iOS is the leading operating system (OS) for tablets worldwide, Android continues to be the leading OS for smartphones. Regardless of the statistics, if you are a forensic examiner, the chances are that you will need to conduct an examination of an iOS device.
In order to perform a forensic examination of an iOS device, you as the examiner must understand the internal components and inner workings of that device. Developing an understanding of the underlying components of a mobile device will help you understand the criticalities involved in the forensic process, including what data can be acquired, where the data is stored, and what methods can be used to access the data from that device. So, before we delve into the examination of iOS devices, it is necessary to gain an understanding of the different models that exist and their internal components. Throughout this book, we will perform forensic acquisition and analysis on iOS devices, including the iPhone, iPad, and Apple Watch.
The goal of this chapter is to introduce you to iOS device technology. We will cover details that may often get overlooked but will help you during your forensic investigation. You must understand the different iOS devices and how data is stored on these devices before you can successfully extract it.
In this chapter, we will cover the following topics in detail:
  • iPhone models and hardware
  • iPad models and hardware
  • The Hierarchical File System (HFS) Plus and Apple File System (APFS) filesystems
  • The iPhone OS

iPhone models and hardware

The iPhone is among the most popular smartphones on the market. Apple released the first-generation iPhone in June 2007. Since that first release, the iPhone has become extremely popular due to its many groundbreaking features and usability. The introduction of the iPhone has since redefined the entire world of mobile computing. Consumers have started looking for faster and more efficient phones. Various iPhone models now exist, with different features and storage capabilities to serve consumer requirements.
The iPhones released since the third edition of Practical Mobile Forensics—the iPhone XR, XS, XS Max, 11, and 11 Pro—can be challenging when it comes to dealing with filesystem forensic acquisition methods. Just like the devices released since the iPhone 5, there is no method or tool available to physically recover data from these devices, unless they are jailbroken. However, logical acquisition can be obtained if the iPhone is unlocked. Acquisition methods for data extraction are available and will be discussed in Chapter 3, Data Acquisition from iOS Devices, and Chapter 4, Data Acquisition from iOS Backups. Now, let's learn how to identify the correct hardware model.

Identifying the correct hardware model

Before examining an iPhone, it is necessary to identify the correct hardware model and the firmware version installed on the device. Knowing the iPhone's details helps you to understand the criticalities and possibilities of obtaining evidence from an iPhone. For example, in many cases, the device passcode is required in order to obtain a logical image. Depending on the iOS version, device model, and passcode complexity, it may be possible to obtain the device passcode using a brute-force attack.
There are various ways to identify the hardware of a device. The easiest way to identify the hardware of some devices is to observe the model number displayed on the back of the device. To make this task even simpler, you can use Apple's Knowledge Base articles. More information on iPhone models can be found at https://support.apple.com/en-in/HT201296.
The firmware version of an iPhone can be found by accessing the Settings option and then navigating to General | About | Software Version, as shown in the following screenshot. The purpose of the firmware is to enable certain features and assist with the general functioning of the device:
The iPhone About screen, displaying the software version 13.2
Alternatively, the ideviceinfo command-line tool that is available in the libimobiledevice software library (http://www.libimobiledevice.org/) can be used to identify the iPhone model and its iOS version.
To obtain the iPhone model and its iOS version information on a Windows 10 workstation, follow these steps:
  1. Download the latest binaries from the following link: https://dev.azure.com/libimobiledevice-win32/imobiledevice-net/_build/results?buildId=419 (click on Artifacts | Binaries to start downloading).
  2. Unzip the archive with x86 or x64 binaries, depending on your workstation's version.
  3. Open Command Prompt and change the directory to the one with binaries (use the cd command for this).
  4. Connect the iPhone to your workstation using a Universal Serial Bus (USB) cable (for the latest iOS versions, the passcode is also required), and run the ideviceinfo command with the -s option, as shown in the following code:
$ ideviceinfo -s
The output of the ideviceinfo command displays the iPhone identifier, its internal name, and the iOS version, as shown in the following screenshot:
The output from ideviceinfo displaying firmware version 13.2
Some other tools, such as iExplorer, will provide access to...
