eBook - ePub
Practical Mobile Forensics
Forensically investigate and analyze iOS, Android, and Windows 10 devices, 4th Edition
Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty
This is a test
Condividi libro
- 400 pagine
- English
- ePUB (disponibile sull'app)
- Disponibile su iOS e Android
eBook - ePub
Practical Mobile Forensics
Forensically investigate and analyze iOS, Android, and Windows 10 devices, 4th Edition
Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty
Dettagli del libro
Anteprima del libro
Indice dei contenuti
Citazioni
Informazioni sul libro
Become well-versed with forensics for the Android, iOS, and Windows 10 mobile platforms by learning essential techniques and exploring real-life scenarios
Key Features
- Apply advanced forensic techniques to recover deleted data from mobile devices
- Retrieve and analyze data stored not only on mobile devices but also on the cloud and other connected mediums
- Use the power of mobile forensics on popular mobile platforms by exploring different tips, tricks, and techniques
Book Description
Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This updated fourth edition of Practical Mobile Forensics delves into the concepts of mobile forensics and its importance in today's world.
The book focuses on teaching you the latest forensic techniques to investigate mobile devices across various mobile platforms. You will learn forensic techniques for multiple OS versions, including iOS 11 to iOS 13, Android 8 to Android 10, and Windows 10. The book then takes you through the latest open source and commercial mobile forensic tools, enabling you to analyze and retrieve data effectively. From inspecting the device and retrieving data from the cloud, through to successfully documenting reports of your investigations, you'll explore new techniques while building on your practical knowledge. Toward the end, you will understand the reverse engineering of applications and ways to identify malware. Finally, the book guides you through parsing popular third-party applications, including Facebook and WhatsApp.
By the end of this book, you will be proficient in various mobile forensic techniques to analyze and extract data from mobile devices with the help of open source solutions.
What you will learn
- Discover new data extraction, data recovery, and reverse engineering techniques in mobile forensics
- Understand iOS, Windows, and Android security mechanisms
- Identify sensitive files on every mobile platform
- Extract data from iOS, Android, and Windows platforms
- Understand malware analysis, reverse engineering, and data analysis of mobile devices
- Explore various data recovery techniques on all three mobile platforms
Who this book is for
This book is for forensic examiners with basic experience in mobile forensics or open source solutions for mobile forensics. Computer security professionals, researchers or anyone looking to gain a deeper understanding of mobile internals will also find this book useful. Some understanding of digital forensic practices will be helpful to grasp the concepts covered in the book more effectively.
Domande frequenti
Come faccio ad annullare l'abbonamento?
È semplicissimo: basta accedere alla sezione Account nelle Impostazioni e cliccare su "Annulla abbonamento". Dopo la cancellazione, l'abbonamento rimarrà attivo per il periodo rimanente già pagato. Per maggiori informazioni, clicca qui
È possibile scaricare libri? Se sì, come?
Al momento è possibile scaricare tramite l'app tutti i nostri libri ePub mobile-friendly. Anche la maggior parte dei nostri PDF è scaricabile e stiamo lavorando per rendere disponibile quanto prima il download di tutti gli altri file. Per maggiori informazioni, clicca qui
Che differenza c'è tra i piani?
Entrambi i piani ti danno accesso illimitato alla libreria e a tutte le funzionalità di Perlego. Le uniche differenze sono il prezzo e il periodo di abbonamento: con il piano annuale risparmierai circa il 30% rispetto a 12 rate con quello mensile.
Cos'è Perlego?
Perlego è un servizio di abbonamento a testi accademici, che ti permette di accedere a un'intera libreria online a un prezzo inferiore rispetto a quello che pagheresti per acquistare un singolo libro al mese. Con oltre 1 milione di testi suddivisi in più di 1.000 categorie, troverai sicuramente ciò che fa per te! Per maggiori informazioni, clicca qui.
Perlego supporta la sintesi vocale?
Cerca l'icona Sintesi vocale nel prossimo libro che leggerai per verificare se è possibile riprodurre l'audio. Questo strumento permette di leggere il testo a voce alta, evidenziandolo man mano che la lettura procede. Puoi aumentare o diminuire la velocità della sintesi vocale, oppure sospendere la riproduzione. Per maggiori informazioni, clicca qui.
Practical Mobile Forensics è disponibile online in formato PDF/ePub?
Sì, puoi accedere a Practical Mobile Forensics di Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty in formato PDF e/o ePub, così come ad altri libri molto apprezzati nelle sezioni relative a Informatik e Hardware. Scopri oltre 1 milione di libri disponibili nel nostro catalogo.
Informazioni
Section 1: iOS Forensics
This section will provide you with an overview of iOS devices such as iPhones and iPads, as well as an overview of the operating systems and filesystems they run. You will learn about the different types of forensic acquisition methods, including logical acquisition and filesystem acquisition, the process of jailbreaking, performing forensic analysis on the most common artifact sources, and how to work with popular mobile forensic software.
This section will consist of the following chapters:
- Chapter 2, Understanding the Internals of iOS Devices
- Chapter 3, Data Acquisition from iOS Devices
- Chapter 4, Data Acquisition from iOS Backups
- Chapter 5, iOS Data Analysis and Recovery
- Chapter 6, iOS Forensic Tools
Understanding the Internals of iOS Devices
According to Apple, there were 1.4 billion active Apple devices in 2019, 900 million of which were running on iOS. While iOS is the leading operating system (OS) for tablets worldwide, Android continues to be the leading OS for smartphones. Regardless of the statistics, if you are a forensic examiner, the chances are that you will need to conduct an examination of an iOS device.
In order to perform a forensic examination of an iOS device, you as the examiner must understand the internal components and inner workings of that device. Developing an understanding of the underlying components of a mobile device will help you understand the criticalities involved in the forensic process, including what data can be acquired, where the data is stored, and what methods can be used to access the data from that device. So, before we delve into the examination of iOS devices, it is necessary to gain an understanding of the different models that exist and their internal components. Throughout this book, we will perform forensic acquisition and analysis on iOS devices, including the iPhone, iPad, and Apple Watch.
The goal of this chapter is to introduce you to iOS device technology. We will cover details that may often get overlooked but will help you during your forensic investigation. You must understand the different iOS devices and how data is stored on these devices before you can successfully extract it.
In this chapter, we will cover the following topics in detail:
- iPhone models and hardware
- iPad models and hardware
- The Hierarchical File System (HFS) Plus and Apple File System (APFS) filesystems
- The iPhone OS
iPhone models and hardware
The iPhone is among the most popular smartphones on the market. Apple released the first-generation iPhone in June 2007. Since the first release, the iPhone became extremely popular due to its many groundbreaking features and usability. The introduction of the iPhone has since redefined the entire world of mobile computing. Consumers have started looking for faster and more efficient phones. Various iPhone models now exist, with different features and storage capabilities to serve consumer requirements.
The iPhones released since the third edition of Practical Mobile Forensics—the iPhone XR, XS, XS Max, 11, and 11 Pro—can be challenging when it comes to dealing with filesystem forensic acquisition methods. Just like the devices released since the iPhone 5, there is no method or tool available to physically recover data from these devices, unless they are jailbroken. However, logical acquisition can be obtained if the iPhone is unlocked. Acquisition methods for data extraction are available and will be discussed in Chapter 3, Data Acquisition from iOS Devices, and Chapter 4, Data Acquisition from iOS Backups. Now, let's learn how to identify the correct hardware model.
Identifying the correct hardware model
Before examining an iPhone, it is necessary to identify the correct hardware model and the firmware version installed on the device. Knowing the iPhone's details helps you to understand the criticalities and possibilities of obtaining evidence from an iPhone. For example, in many cases, the device passcode is required in order to obtain a logical image. Depending on the iOS version, device model, and passcode complexity, it may be possible to obtain the device passcode using a brute-force attack.
There are various ways to identify the hardware of a device. The easiest way to identify the hardware of some devices is to observe the model number displayed on the back of the device. To make this task even simpler, you can use Apple's Knowledge Base articles. More information on iPhone models can be found at https://support.apple.com/en-in/HT201296.
The firmware version of an iPhone can be found by accessing the Settings option and then navigating to General | About | Software Version, as shown in the following screenshot. The purpose of the firmware is to enable certain features and assist with the general functioning of the device:
The iPhone About screen, displaying the software version 13.2
Alternatively, the ideviceinfo command-line tool that is available in the libimobiledevice software library (http://www.libimobiledevice.org/) can be used to identify the iPhone model and its iOS version.
To obtain the iPhone model and its iOS version information on a Windows 10 workstation, follow these steps:
- Download the latest binaries from the following link: https://dev.azure.com/libimobiledevice-win32/imobiledevice-net/_build/results?buildId=419 (click on Artifacts | Binaries to start downloading).
- Unzip the archive with x86 or x64 binaries, depending on your workstation's version.
- Open Command Prompt and change the directory to the one with binaries (use the cd command for this).
- Connect the iPhone to your workstation using a Universal Serial Bus (USB) cable (for the latest iOS versions, the passcode is also required), and run the ideviceinfo command with the -s option, as shown in the following code:
$ ideviceinfo -s The output of the ideviceinfo command displays the iPhone identifier, its internal name, and the iOS version, as shown in the following screenshot:
The output from ideviceinfo displaying firmware version 13.2
Some other tools, such as iExplorer, will provide access to...