Practical Mobile Forensics,
eBook - ePub

Heather Mahalik, Satish Bommisetty, Oleg Skulkin, Rohit Tamma, Igor Mikhaylov

  1. 402 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS and Android
Book information

Investigate, analyze, and report iOS, Android, and Windows devices

Key Features

  • Get hands-on experience in performing simple to complex mobile forensics techniques.
  • Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums.
  • A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.

Book Description

Covering up-to-date mobile platforms, this book focuses on teaching you the most recent techniques for investigating mobile devices. We delve into mobile forensics techniques for iOS 9-11, Android 7-8 devices, and Windows 10. We will demonstrate the latest open source and commercial mobile forensics tools, enabling you to analyze and retrieve data effectively. You will learn how to introspect and retrieve data from the cloud, and document and prepare reports of your investigations.

By the end of this book, you will have mastered the current operating systems and the relevant techniques to recover data from mobile devices by leveraging open source solutions.

What you will learn

  • Discover the new techniques in practical mobile forensics
  • Understand the architecture and security mechanisms present in iOS and Android platforms
  • Identify sensitive files on the iOS and Android platforms
  • Set up a forensic environment
  • Extract data from the iOS and Android platforms
  • Recover data on the iOS and Android platforms
  • Understand the forensics of Windows devices
  • Explore various third-party application techniques and data recovery techniques

Who this book is for

If you are a forensics professional and are eager to widen your forensics skill set to mobile forensics, then this book is for you. Some understanding of digital forensics practices would do wonders.

Information

Year
2018
ISBN
9781788835909
Edition
3
Category
Computer Science
Category
Hardware

Android Forensic Setup and Pre-Data Extraction Techniques

In the previous chapter, we covered the fundamentals of Android architecture, security features, filesystems, and other capabilities. Having an established forensic environment before the start of an examination is important, as it ensures that the data is protected while the examiner maintains control of the workstation. This chapter will explain the process of, and what to consider when, setting up a digital forensic examination environment. It is paramount that the examiner maintains control of the forensic environment at all times; this prevents the introduction of contaminants that could affect the forensic investigation.
We will cover the following topics in this chapter:
  • Setting up a forensic environment
  • Connecting the device and accessing it from a workstation
  • Screen lock bypass techniques
  • Gaining root access to the device

Setting up the forensic environment for Android

A forensic examiner may encounter a wide range of mobile devices over the course of an investigation. Hence, it is necessary to have a basic environment set up, on top of which the examiner can build based on the requirements. It is also very important that the forensic expert maintains complete control over the environment at all times, to avoid any unexpected situations. Setting up a proper lab environment is an essential part of the forensic process. The Android forensic setup usually involves the following steps:
  • Start with a fresh or forensically sterile computer environment. This means that other data is either not present on the system or is contained in a manner that prevents it from contaminating the present investigation.
  • Install the basic software necessary to connect to the device. Android forensic tools and methodologies will work on Windows, Linux, and OS X platforms.
  • Obtain access to the device. An examiner must be able to enable settings or bypass them in order to allow the data to be extracted from the Android device.
  • Issue commands to the device through the methods defined in this chapter and in Chapter 9, Android Data Extraction Techniques.
The following sections provide guidance on setting up a basic Android forensic workstation.

The Android Software Development Kit

The Android Software Development Kit (SDK) helps the development world to build, test, and debug applications to run on Android. This is achieved by providing the tools necessary to create the applications. However, along with this, it also provides valuable documentation and other tools that can be of great help during the investigation of an Android device.
A good understanding of the Android SDK will help you to get to grips with the particulars of a device and the data on the device.
The Android SDK consists of software libraries, APIs, tools, emulators, and other reference material. It can be downloaded for free from: https://developer.android.com/studio/index.html.
During a forensic investigation, the SDK helps connect to and access the data on the Android device. The Android SDK is updated very frequently, so it's important to verify that your workstation also remains up-to-date. The Android SDK can run on Windows, Linux, and OS X.

The Android SDK installation

A working installation of the Android SDK is a must during the investigation of a forensic device. Most websites recognize the operating system on the computer and will prompt you to download the correct Android SDK. Unlike Android Studio, the SDK tools package only includes the core SDK tools, which you can access from the command line.
The following is a step-by-step procedure to install the Android SDK on a Windows 7 machine:
  1. Before you install the Android SDK, make sure that your system has Java Development Kit installed, because the Android SDK relies on Java SE Development Kit (JDK). JDK can be downloaded from: http://www.oracle.com/technetwork/java/javase/downloads/index.html.
  2. Download the latest version of the Android SDK from: https://developer.android.com/studio/index.html. The installer version of the SDK is recommended for this purpose.
  3. Run the installer file, which we downloaded in the previous step. You will see a wizard window, as seen in the following screenshot. After this, run through the routine Next steps that you encounter:
     [Screenshot: Android SDK Tools setup wizard]
  4. The installation location is the user's choice and must be remembered for future access. In this example, we will install it in the C:\ folder. Click on the Install button and choose the location (say, C:\android-sdk). The necessary files will be extracted to this folder.
  5. Open the directory (C:\android-sdk) and double-click on SDK Manager.exe to begin the update process. Make sure that you select Android SDK Platform tools and any one release platform version of Android, as shown in the following screenshot. Some of the items in the list are chosen by default. For instance, it is necessary to install the USB driver in order to work with Android devices in Windows. In our example, Google USB Driver is selected. Similarly, you can find other items under the Extras section. Accept the license and click on Install, as shown in the following screenshot:
     [Screenshot: Android SDK license]
This completes the Android SDK installation. You can also update the system's environment variables (path) by pointing to the executable files so that you can avoid navigating to the SDK folder every time you need to execute a command. This can be done by navigating to Control Panel | System | Advanced Settings | Environment Variables and then adding an SDK path to it.
The installation of the Android SDK on OS X and Linux may vary. Make sure that you follow all the steps provided with the SDK download for full functionality.
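The following is an added example, not code from the book or from the Android SDK: a Python script that inventories the SDK installation for the examination notes, recording whether each tool is present, its SHA-256 hash, and whether its folder is on the path. The tool file names (adb.exe, android.bat) follow the legacy SDK Tools layout on Windows and, like the function names, are assumptions of this example.

```python
import hashlib
import os
from pathlib import Path

# Tools the chapter relies on, relative to the SDK root. The file names follow
# the legacy SDK Tools layout on Windows and are an assumption of this example.
EXPECTED_TOOLS = {
    "adb": Path("platform-tools") / "adb.exe",
    "android": Path("tools") / "android.bat",
}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def path_entries(path_value: str, sep: str = os.pathsep) -> set:
    """Normalise PATH entries (case, trailing separators) for comparison."""
    return {os.path.normcase(os.path.normpath(p)) for p in path_value.split(sep) if p}


def inventory_sdk(sdk_root, path_value, tools=EXPECTED_TOOLS, sep=os.pathsep):
    """Return one record per expected tool: presence, SHA-256, PATH status."""
    on_path = path_entries(path_value, sep)
    report = {}
    for name, relative in tools.items():
        full = Path(sdk_root) / relative
        present = full.is_file()
        folder = os.path.normcase(os.path.normpath(str(full.parent)))
        report[name] = {
            "path": str(full),
            "present": present,
            "sha256": sha256_of(full) if present else None,
            "dir_on_path": folder in on_path,
        }
    return report


if __name__ == "__main__":
    # C:\android-sdk is the install location used in the steps above.
    result = inventory_sdk(r"C:\android-sdk", os.environ.get("PATH", ""))
    for tool, record in result.items():
        print(tool, record)
```

Re-running the inventory after each SDK Manager update and keeping the output with the case notes shows which tool builds were in use for a given examination.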

An Android Virtual Device

Once the Android SDK is installed along with the release platform, you can create an Android Virtual Device (or AVD, also called an emulator), which is often used by developers when creating new applications. However, an emulator has significance from a forensic perspective, too. Emulators are useful when trying to understand how applications behave and execute on a device. This could be helpful in confirming certain findings that are unearthed during a forensic investigation.
Also, while working on a device which is running on an older platform, you can design an emulator with the same platform. Furthermore, before installing a forensic tool on a real device, the emulator can be used to find out how a forensic tool works and changes content on an Android device. To create a new AVD (on the Windows workstation), perform the following steps:
  1. Open the command prompt (cmd.exe). Start the AVD manager from the command line by navigating to the path where the SDK is installed and call the Android tool with the avd option, as shown in the following command line. This will automatically open the AVD manager:
C:\android-sdk\tools>android avd 
Alternatively, the AVD manager can also be started using the graphical AVD manager. To start this, navigate to the location where the SDK is installed (C:\android-sdk in our example) and double-click on AVD Manager.
The Android Virtual Device Manager window is as shown in the...
