Mobile Forensics: Advanced Investigative Strategies

What you need for this book

Modern mobile forensics is impossible without using tools. Currently, there is no single, all-in-one tool to cover the complete mobile acquisition and analysis process. Different assignments and different circumstances will require the use of multiple tools. We list the tools used throughout this book here.

For many Android smartphones, we used Oxygen Forensic Suite and Oxygen Forensic Extractor, a commercial product from Oxygen Forensics (http://www.oxygen-forensic.com/en/).

For Android smartphones, you’ll need ADB and Fastboot from the Android SDK Tools (part of Android Studio 2.1), available as a free download from Google (http://developer.android.com/sdk/index.html).

In addition, you may need TWRP custom recovery (custom built and specific to the acquisition target, http://twrp.me) or CWM custom recovery (custom built for the specific acquisition target, https://www.clockworkmod.com/), the Busybox package (the version depends on the acquisition target’s Android version, https://busybox.net/), unyaffs 1.0 (only if the acquisition target uses the yaffs file system, https://github.com/ehlers/unyaffs), and Netcat 1.10 (http://nc110.sourceforge.net/). These tools are available as open source downloads from their respective developers.

For Apple iOS devices, we used the following commercial tools: Elcomsoft iOS Forensic Toolkit (https://www.elcomsoft.com/eift.html), Elcomsoft Phone Breaker (demo version downloadable from https://www.elcomsoft.com/eppb.html), and Elcomsoft Phone Viewer (https://www.elcomsoft.com/epv.html). Elcomsoft Phone Breaker and Phone Viewer were also used for acquiring BlackBerry OS, BlackBerry 10, and Windows Phone/Windows 10 Mobile devices.