Practical Mobile Forensics
eBook - ePub

Practical Mobile Forensics

Satish Bommisetty, Rohit Tamma, Heather Mahalik

  1. 328 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS and Android

About this book

In Detail

With the advent of smartphones, the usage and functionality of mobile devices have grown enormously, along with the sensitive information contained in these devices. Law enforcement agencies around the world have realized the importance of evidence present on a mobile device and how it can influence the outcome of an investigation.

Practical Mobile Forensics explains mobile forensic techniques on the iOS, Android, Windows, and BlackBerry platforms. You will learn the fundamentals of mobile forensics; different techniques to extract data from a device, recover deleted data, and bypass the screen lock mechanisms; and various other tools that aid in a forensic examination.

This book will teach you everything you need to know to forensically examine a mobile device. The techniques described are not only useful for budding forensic investigators, but will also come in handy for those who may want to recover accidentally deleted data.

Approach

The book is an easy-to-follow guide with clear instructions on various mobile forensic techniques. The chapters and the topics within are structured for a smooth learning curve, which will swiftly empower you to master mobile forensics.

Who this book is for

If you are a budding forensic analyst, consultant, engineer, or a forensic professional wanting to expand your skillset, this is the book for you. The book will also be beneficial to those with an interest in mobile forensics or wanting to find data lost on mobile devices. It will be helpful to be familiar with forensics in general, but no prior experience is required to follow this book.


Information

Year
2014
ISBN
9781783288311
Edition
1
Topic
Law

Table of Contents

Practical Mobile Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of the book
Errata
Piracy
Questions
1. Introduction to Mobile Forensics
Mobile forensics
Mobile forensic challenges
Mobile phone evidence extraction process
The evidence intake phase
The identification phase
The legal authority
The goals of the examination
The make, model, and identifying information for the device
Removable and external data storage
Other sources of potential evidence
The preparation phase
The isolation phase
The processing phase
The verification phase
Comparing extracted data to the handset data
Using multiple tools and comparing the results
Using hash values
The document and reporting phase
The presentation phase
The archiving phase
Practical mobile forensic approaches
Mobile operating systems overview
Android
iOS
Windows phone
BlackBerry OS
Mobile forensic tool leveling system
Manual extraction
Logical extraction
Hex dump
Chip-off
Micro read
Data acquisition methods
Physical acquisition
Logical acquisition
Manual acquisition
Potential evidence stored on mobile phones
Rules of evidence
Admissible
Authentic
Complete
Reliable
Believable
Good forensic practices
Securing the evidence
Preserving the evidence
Documenting the evidence
Documenting all changes
Summary
2. Understanding the Internals of iOS Devices
iPhone models
iPhone hardware
iPad models
iPad hardware
File system
The HFS Plus file system
The HFS Plus volume
Disk layout
iPhone operating system
iOS history
1.x – the first iPhone
2.x – App Store and 3G
3.x – the first iPad
4.x – Game Center and multitasking
5.x – Siri and iCloud
6.x – Apple Maps
7.x – the iPhone 5S and beyond
The iOS architecture
The Cocoa Touch layer
The Media layer
The Core Services layer
The Core OS layer
iOS security
Passcode
Code signing
Sandboxing
Encryption
Data protection
Address Space Layout Randomization
Privilege separation
Stack smashing protection
Data execution prevention
Data wipe
Activation Lock
App Store
Jailbreaking
Summary
3. Data Acquisition from iOS Devices
Operating modes of iOS devices
Normal mode
Recovery mode
DFU mode
Physical acquisition
Acquisition via a custom ramdisk
The forensic environment setup
Downloading and installing the ldid tool
Verifying the codesign_allocate tool path
Installing OSXFuse
Installing Python modules
Downloading iPhone Data Protection Tools
Building the IMG3FS tool
Downloading redsn0w
Creating and loading the forensic toolkit
Downloading the iOS firmware file
Modifying the kernel
Building a custom ramdisk
Booting the custom ramdisk
Establishing communication with the device
Bypassing the passcode
Imaging the data partition
Decrypting the data partition
Recovering the deleted data
Acquisition via jailbreaking
Summary
4. Data Acquisition from iOS Backups
iTunes backup
Pairing records
Understanding the backup structure
info.plist
manifest.plist
status.plist
manifest.mbdb
Header
Record
Unencrypted backup
Extracting unencrypted backups
iPhone Backup Extractor
iPhone Backup Browser
iPhone Data Protection Tools
Decrypting the keychain
Encrypted backup
Extracting encrypted backups
iPhone Data Protection Tools
Decrypting the keychain
iPhone Password Breaker
iCloud backup
Extracting iCloud backups
Summary
5. iOS Data Analysis and Recovery
Timestamps
Unix timestamps
Mac absolute time
SQLite databases
Connecting to a database
SQLite special commands
Standard SQL queries
Important database files
Address book contacts
Address book images
Call history
SMS messages
SMS Spotlight cache
Calendar events
E-mail database
Notes
Safari bookmarks
The Safari web caches
The web application cache
The WebKit storage
The photos metadata
Consolidated GPS cache
Voicemail
Property lists
Important plist files
The HomeDomain plist files
The RootDomain plist files
The WirelessDomain plist files
The SystemPreferencesDomain plist files
Other important files
Cookies
Keyboard cache
Photos
Wallpaper
Snapshots
Recordings
Downloaded applications
Recovering deleted SQLite records
Summary
6. iOS Forensic Tools
Elcomsoft iOS Forensic Toolkit
Features of EIFT
Usage of EIFT
Guided mode
Manual mode
EIFT-supported devices
Compatibility notes
Oxygen Forensic Suite 2014
Features of Oxygen Forensic Suite
Usage of Oxygen Forensic Suite
Oxygen Forensic Suite 2014 supported devices
Cellebrite UFED Physical Analyzer
Features of Cellebrite UFED Physical Analyzer
Usage of Cellebrite UFED Physical Analyzer
Supported devices
Paraben iRecovery Stick
Features of Paraben iRecovery Stick
Usage of Paraben iRecovery Stick
Devices supported by Paraben iRecovery Stick
Open source or free methods
Summary
7. Understanding Android
The Android model
The Linux kernel layer
Libraries
Dalvik virtual machine
The application framework layer
The applications layer
Android security
Secure kernel
The permission ...
