Practical Mobile Forensics,
eBook - ePub

Heather Mahalik, Satish Bommisetty, Oleg Skulkin, Rohit Tamma, Igor Mikhaylov

  1. 402 pages
  2. English
About the book

Investigate, analyze, and report iOS, Android, and Windows devices

Key Features

  • Get hands-on experience in performing simple to complex mobile forensics techniques.
  • Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums.
  • A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.

Book Description

Covering up-to-date mobile platforms, this book focuses on teaching you the most recent techniques for investigating mobile devices. We delve into mobile forensics techniques in iOS 9-11, Android 7-8 devices, and Windows 10. We will demonstrate the latest open source and commercial mobile forensics tools, enabling you to analyze and retrieve data effectively. You will learn how to introspect and retrieve data from the cloud, and document and prepare reports of your investigations.

By the end of this book, you will have mastered the current operating systems and the relevant techniques to recover data from mobile devices by leveraging open source solutions.

What you will learn

  • Discover the new techniques in practical mobile forensics
  • Understand the architecture and security mechanisms present in iOS and Android platforms
  • Identify sensitive files on the iOS and Android platforms
  • Set up a forensic environment
  • Extract data from the iOS and Android platforms
  • Recover data on the iOS and Android platforms
  • Understand the forensics of Windows devices
  • Explore various third-party application techniques and data recovery techniques

Who this book is for

If you are a forensics professional and are eager to widen your forensics skill set to mobile forensics, then this book is for you. Some understanding of digital forensics practices would do wonders.

Information

Year: 2018
ISBN: 9781788835909
Edition: 3
Topic: Computer Science
Category: Hardware

Android Forensic Setup and Pre-Data Extraction Techniques

In the previous chapter, we covered the fundamentals of Android architecture, security features, filesystems, and other capabilities. Having an established forensic environment before the start of an examination is important, as it ensures that the data is protected while the examiner maintains control of the workstation. This chapter will explain the process of, and what to consider when, setting up a digital forensic examination environment. It is paramount that the examiner maintains control of the forensic environment at all times; this prevents the introduction of contaminants that could affect the forensic investigation.
We will cover the following topics in this chapter:
  • Setting up a forensic environment
  • Connecting the device and accessing it from a workstation
  • Screen lock bypass techniques
  • Gaining root access to the device

Setting up the forensic environment for Android

A forensic examiner may encounter a wide range of mobile devices over the course of an investigation. Hence, it is necessary to have a basic environment set up, on which the examiner can build as requirements dictate. It is also very important that the forensic expert maintains complete control over the environment at all times, to avoid any unexpected situations. Setting up a proper lab environment is an essential part of the forensic process. The Android forensic setup usually involves the following steps:
  • Start with a fresh or forensically sterile computer environment. This means that other data is either not present on the system or is contained in a manner that prevents it from contaminating the present investigation.
  • Install the basic software necessary to connect to the device. Android forensic tools and methodologies will work on Windows, Linux, and OS X platforms.
  • Obtain access to the device. An examiner must be able to enable settings or bypass them in order to allow the data to be extracted from the Android device.
  • Issue commands to the device through the methods defined in this chapter and in Chapter 9, Android Data Extraction Techniques.
The following sections provide guidance on setting up a basic Android forensic workstation.

The Android Software Development Kit

The Android Software Development Kit (SDK) helps the development world to build, test, and debug applications to run on Android. This is achieved by providing the tools necessary to create the applications. However, along with this, it also provides valuable documentation and other tools that can be of great help during the investigation of an Android device.
A good understanding of the Android SDK will help you to get to grips with the particulars of a device and the data on the device.
The Android SDK consists of software libraries, APIs, tools, emulators, and other reference material. It can be downloaded for free from: https://developer.android.com/studio/index.html.
During a forensic investigation, the SDK helps connect to and access the data on the Android device. The Android SDK is updated very frequently, so it's important to verify that your workstation also remains up-to-date. The Android SDK can run on Windows, Linux, and OS X.

The Android SDK installation

A working installation of the Android SDK is a must during the investigation of a forensic device. Most websites recognize the operating system on the computer and will prompt you to download the correct Android SDK. Unlike Android Studio, the SDK tools package only includes the core SDK tools, which you can access from the command line.
The following is a step-by-step procedure to install the Android SDK on a Windows 7 machine:
  1. Before you install the Android SDK, make sure that your system has Java Development Kit installed, because the Android SDK relies on Java SE Development Kit (JDK).
     JDK can be downloaded from: http://www.oracle.com/technetwork/java/javase/downloads/index.html.
  2. Download the latest version of the Android SDK from: https://developer.android.com/studio/index.html. The installer version of the SDK is recommended for this purpose.
  3. Run the installer file, which we downloaded in the previous step. You will see a wizard window, as seen in the following screenshot. After this, run through the routine Next steps that you encounter:
     Android SDK Tools setup wizard
  4. The installation location is the user's choice and must be remembered for future access. In this example, we will install it in the C:\ folder. Click on the Install button and choose the location (say, C:\android-sdk). The necessary files will be extracted to this folder.
  5. Open the directory (C:\android-sdk) and double-click on SDK Manager.exe to begin the update process. Make sure that you select Android SDK Platform tools and any one release platform version of Android, as shown in the following screenshot. Some of the items in the list are chosen by default. For instance, it is necessary to install the USB driver in order to work with Android devices in Windows. In our example, Google USB Driver is selected. Similarly, you can find other items under the Extras section. Accept the license and click on Install, as shown in the following screenshot:
     Android SDK license
This completes the Android SDK installation. You can also update the system's environment variables (path) by pointing to the executable files so that you can avoid navigating to the SDK folder every time you need to execute a command. This can be done by navigating to Control Panel | System | Advanced Settings | Environment Variables and then adding an SDK path to it.
The installation of the Android SDK on OS X and Linux may vary. Make sure that you follow all the steps provided with the SDK download for full functionality.

An Android Virtual Device

Once the Android SDK is installed along with the release platform, you can create an Android Virtual Device (or AVD, also called an emulator), which is often used by developers when creating new applications. However, an emulator has significance from a forensic perspective, too. Emulators are useful when trying to understand how applications behave and execute on a device. This could be helpful in confirming certain findings that are unearthed during a forensic investigation.
Also, while working on a device which is running on an older platform, you can design an emulator with the same platform. Furthermore, before installing a forensic tool on a real device, the emulator can be used to find out how a forensic tool works and changes content on an Android device. To create a new AVD (on the Windows workstation), perform the following steps:
  1. Open the command prompt (cmd.exe). Start the AVD manager from the command line by navigating to the path where the SDK is installed and calling the android tool with the avd option, as shown in the following command line. This will automatically open the AVD manager:
C:\android-sdk\tools>android avd 
Alternatively, the AVD manager can also be started using the graphical AVD manager. To start this, navigate to the location where the SDK is installed (C:\android-sdk in our example) and double-click on AVD Manager.
The Android Virtual Device Manager window is as shown in the...
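
The earlier point about using an emulator to find out how a forensic tool changes content on an Android device can be checked by hashing the emulator's files before and after the tool is installed and comparing the two listings. The following is an added example, not code from the book; it assumes listings in `sha256sum` format (`<hex>  <path>`), and all paths and file contents are constructed sample data.

```python
import hashlib

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex>  <path>') into {path: digest}."""
    manifest = {}
    for line in text.splitlines():
        line = line.rstrip("\r")  # output captured on Windows may carry CRs
        if not line.strip():
            continue
        digest, sep, path = line.partition("  ")
        if not sep or len(digest) != 64:
            raise ValueError(f"unrecognised manifest line: {line!r}")
        manifest[path] = digest.lower()
    return manifest

def diff_manifests(before, after):
    """Return the paths added, removed and modified between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }

def _listing(files):
    """Build a constructed sha256sum-style listing from {path: bytes}."""
    return "\n".join(
        f"{hashlib.sha256(data).hexdigest()}  {path}" for path, data in files.items()
    )

# Constructed sample snapshots (illustrative paths, not from a real device).
BEFORE = _listing({
    "/data/system/packages.xml": b"<packages/>",
    "/data/data/com.example.app/databases/app.db": b"rows-v1",
    "/data/local/tmp/.keep": b"",
})
AFTER = _listing({
    "/data/system/packages.xml": b"<packages><package name='tool'/></packages>",
    "/data/data/com.example.app/databases/app.db": b"rows-v1",
    "/data/local/tmp/agent.bin": b"constructed-binary",
})

def sample_report():
    """Diff the two constructed snapshots above."""
    return diff_manifests(parse_manifest(BEFORE), parse_manifest(AFTER))

if __name__ == "__main__":
    for kind, paths in sample_report().items():
        for path in paths:
            print(f"{kind:9}{path}")
```

Every path the report lists is a change the tool would also make on an evidence device, so it belongs in the examiner's notes before the tool is used on a real handset.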
