Practical Mobile Forensics（Third Edition）

上QQ阅读APP看书，第一时间看更新

What this book covers

Chapter 1, Introduction to Mobile Forensics, introduces you to the concepts of mobile forensics, the core values, and the challenges involved. The chapter also provides an overview of practical approaches and best practices involved in performing mobile forensics.

Chapter 2, Understanding the Internals of iOS Devices, provides an overview of the popular Apple iOS devices, including an outline of different models and their hardware. The book explains iOS security features and device security and its impact on iOS forensics approaches, focusing on iOS 9-11. The chapter also gives an overview of the HFS+ and APFS filesystems and outlines the sensitive files that are useful for forensic examination.

Chapter 3, Data Acquisition from iOS Devices, covers various types of forensic acquisition methods that can be performed on iOS devices, including logical, filesystem, and physical, and guides you to prepare your desktop machine for forensic work. The chapter also discusses passcode bypass techniques.

Chapter 4, Data Acquisition from iOS Backups, provides detailed explanations of modern iOS backups and details what types of files are stored in a backup. The chapter also includes step-by-step guides on creating encrypted and unencrypted backups and introduces forensic tools capable of recovering data from backups.

Chapter 5, iOS Data Analysis and Recovery, discusses the types of data that is stored on iOS devices and its most common locations in the filesystem. Common file types used in iOS devices, such as plists and SQLite databases, are discussed in detail in order to provide an understanding of how data is stored on a device, which will help forensic examiners to efficiently recover data from those files.

Chapter 6, iOS Forensic Tools, introduces you to the most widely used commercial mobile forensic suites, Cellebrite UFED, Belkasoft Evidence Center, Magnet AXIOM, and Oxygen Forensic Detective, and contains step-by-step guides on how to use them in mobile forensic examinations.

Chapter 7, Understanding Android, introduces you to the Android model, filesystem, and its security features. This chapter provides an explanation of how data is stored on any android device, which will be useful when carrying out forensic investigations.

Chapter 8, Android Forensic Setup and Pre-Data Extraction Techniques, guides you through Android forensic setup and other techniques to use before extracting any information. Screen lock bypass techniques and gaining root access are also discussed in this chapter.

Chapter 9, Android Data Extraction Techniques, provides an explanation of physical, filesystem, and logical acquisition techniques to extract relevant information from an Android device. This chapter covers imaging the device and other advanced techniques, such as JTAG and Chip-Off.

Chapter 10, Android Data Analysis and Recovery, explains how to extract and analyze data from Android image files. The chapter also covers the possibilities and limitations of recovering deleted data from Android devices.

Chapter 11, Android App Analysis, Malware, and Reverse Engineering, includes an analysis of some of the most widely used Android apps to retrieve valuable data. The chapter also covers Android malware and techniques to reverse engineer an Android app to view its data.

Chapter 12, Windows Phone Forensics, provides a basic overview of forensic approaches when dealing with Windows Phones.

Chapter 13, Parsing Third-Party Application Files, guides you through how applications are stored on Android, iOS, and Windows devices and how commercial and open source tools parse through application data.