Practical Mobile Forensics
eBook - ePub

Satish Bommisetty, Rohit Tamma, Heather Mahalik

  1. 328 pages
  2. English
  3. ePUB (available in the app)
  4. Available on iOS and Android

About the book

In Detail

With the advent of smartphones, the usage and functionality of mobile devices have grown enormously, along with the sensitive information contained in these devices. Law enforcement agencies around the world have realized the importance of evidence present on a mobile device and how it can influence the outcome of an investigation.

Practical Mobile Forensics explains mobile forensic techniques on the iOS, Android, Windows, and BlackBerry platforms. You will learn the fundamentals of mobile forensics, and different techniques to extract data from a device, recover deleted data, bypass the screen lock mechanisms, and various other tools that aid in a forensic examination.

This book will teach you everything you need to know to forensically examine a mobile device. The techniques described are not only useful for budding forensic investigators, but will also come in handy for those who may want to recover accidentally deleted data.

Approach

The book is an easy-to-follow guide with clear instructions on various mobile forensic techniques. The chapters and the topics within are structured for a smooth learning curve, which will swiftly empower you to master mobile forensics.

Who this book is for

If you are a budding forensic analyst, consultant, engineer, or a forensic professional wanting to expand your skillset, this is the book for you. The book will also be beneficial to those with an interest in mobile forensics or wanting to find data lost on mobile devices. It will be helpful to be familiar with forensics in general but no prior experience is required to follow this book.

Information

Year: 2014
ISBN: 9781783288311
Edition: 1
Topic: Law

Table of Contents

Practical Mobile Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of the book
Errata
Piracy
Questions
1. Introduction to Mobile Forensics
Mobile forensics
Mobile forensic challenges
Mobile phone evidence extraction process
The evidence intake phase
The identification phase
The legal authority
The goals of the examination
The make, model, and identifying information for the device
Removable and external data storage
Other sources of potential evidence
The preparation phase
The isolation phase
The processing phase
The verification phase
Comparing extracted data to the handset data
Using multiple tools and comparing the results
Using hash values
The document and reporting phase
The presentation phase
The archiving phase
Practical mobile forensic approaches
Mobile operating systems overview
Android
iOS
Windows phone
BlackBerry OS
Mobile forensic tool leveling system
Manual extraction
Logical extraction
Hex dump
Chip-off
Micro read
Data acquisition methods
Physical acquisition
Logical acquisition
Manual acquisition
Potential evidence stored on mobile phones
Rules of evidence
Admissible
Authentic
Complete
Reliable
Believable
Good forensic practices
Securing the evidence
Preserving the evidence
Documenting the evidence
Documenting all changes
Summary
2. Understanding the Internals of iOS Devices
iPhone models
iPhone hardware
iPad models
iPad hardware
File system
The HFS Plus file system
The HFS Plus volume
Disk layout
iPhone operating system
iOS history
1.x – the first iPhone
2.x – App Store and 3G
3.x – the first iPad
4.x – Game Center and multitasking
5.x – Siri and iCloud
6.x – Apple Maps
7.x – the iPhone 5S and beyond
The iOS architecture
The Cocoa Touch layer
The Media layer
The Core Services layer
The Core OS layer
iOS security
Passcode
Code signing
Sandboxing
Encryption
Data protection
Address Space Layout Randomization
Privilege separation
Stack smashing protection
Data execution prevention
Data wipe
Activation Lock
App Store
Jailbreaking
Summary
3. Data Acquisition from iOS Devices
Operating modes of iOS devices
Normal mode
Recovery mode
DFU mode
Physical acquisition
Acquisition via a custom ramdisk
The forensic environment setup
Downloading and installing the ldid tool
Verifying the codesign_allocate tool path
Installing OSXFuse
Installing Python modules
Downloading iPhone Data Protection Tools
Building the IMG3FS tool
Downloading redsn0w
Creating and loading the forensic toolkit
Downloading the iOS firmware file
Modifying the kernel
Building a custom ramdisk
Booting the custom ramdisk
Establishing communication with the device
Bypassing the passcode
Imaging the data partition
Decrypting the data partition
Recovering the deleted data
Acquisition via jailbreaking
Summary
4. Data Acquisition from iOS Backups
iTunes backup
Pairing records
Understanding the backup structure
info.plist
manifest.plist
status.plist
manifest.mbdb
Header
Record
Unencrypted backup
Extracting unencrypted backups
iPhone Backup Extractor
iPhone Backup Browser
iPhone Data Protection Tools
Decrypting the keychain
Encrypted backup
Extracting encrypted backups
iPhone Data Protection Tools
Decrypting the keychain
iPhone Password Breaker
iCloud backup
Extracting iCloud backups
Summary
5. iOS Data Analysis and Recovery
Timestamps
Unix timestamps
Mac absolute time
SQLite databases
Connecting to a database
SQLite special commands
Standard SQL queries
Important database files
Address book contacts
Address book images
Call history
SMS messages
SMS Spotlight cache
Calendar events
E-mail database
Notes
Safari bookmarks
The Safari web caches
The web application cache
The WebKit storage
The photos metadata
Consolidated GPS cache
Voicemail
Property lists
Important plist files
The HomeDomain plist files
The RootDomain plist files
The WirelessDomain plist files
The SystemPreferencesDomain plist files
Other important files
Cookies
Keyboard cache
Photos
Wallpaper
Snapshots
Recordings
Downloaded applications
Recovering deleted SQLite records
Summary
6. iOS Forensic Tools
Elcomsoft iOS Forensic Toolkit
Features of EIFT
Usage of EIFT
Guided mode
Manual mode
EIFT-supported devices
Compatibility notes
Oxygen Forensic Suite 2014
Features of Oxygen Forensic Suite
Usage of Oxygen Forensic Suite
Oxygen Forensic Suite 2014 supported devices
Cellebrite UFED Physical Analyzer
Features of Cellebrite UFED Physical Analyzer
Usage of Cellebrite UFED Physical Analyzer
Supported devices
Paraben iRecovery Stick
Features of Paraben iRecovery Stick
Usage of Paraben iRecovery Stick
Devices supported by Paraben iRecovery Stick
Open source or free methods
Summary
7. Understanding Android
The Android model
The Linux kernel layer
Libraries
Dalvik virtual machine
The application framework layer
The applications layer
Android security
Secure kernel
The permission ...
