Mobile Forensics: Advanced Investigative Strategies

Who this book is for

We wrote this book for law enforcement and IT security officers who have to deal with digital evidence as part of their daily job. We wanted this book to serve as an introduction and a general guide to mobile forensics. We are aware of the sheer diversity of ecosystems, generations of operating systems, devices, and applications on the market. We have first-hand experience with Android forks, custom ROMs, and manufacturer, operator, and user customizations that can turn a familiar device into a big question mark.

And this is why we strongly believe that there is no way one could possibly know of (or even hear about) more than a few variations.

For this reason, we no longer believe in manual acquisition and analysis. We believe in tools. There is no need to reinvent the wheel or waste endless hours on something the right tool could accomplish in minutes. There are tens of thousands of different device models, and each model can be running a different version of the OS or use a different set of OEM or operator customizations, each with its own security implications. There are millions of applications, each implementing its own way of storing, organizing, and protecting data. It is technically impossible for a single expert to know everything. However, it is still possible to learn about methods, tools, and techniques to acquire and analyze evidence in most real-life situations.

However, even the best tools won’t do any good if you don’t know or don’t follow the basic rules of seizing, handling, and acquiring mobile devices. Make one mistake in a single step, and you risk losing access to evidence, locking down the easier acquisition paths, or even permanently destroying the very data you were about to access. And even if you succeed in extracting evidence, if you don’t stick to the guidelines, the evidence you obtained may not be admissible. This is why we’ll cover the entire workflow from seizing a mobile device to acquiring its content to viewing data and analyzing evidence.

Being able to analyze a mobile device suspected of leaking sensitive information is of great importance to corporate security. However, a passcode lock in a smartphone that was used by an ex-employee may become a major problem if the company does not store recovery keys for each and every mobile device allowed in the corporate network. How do you break into an ex-employee’s passcode-locked iPhone? What can you do with a BlackBerry smartphone? Is there a good reason behind not allowing jailbroken devices on corporate premises? Dealing with this sort of problem requires the use of dedicated tools, and even then a positive outcome is not a given. In this book, you’ll learn about the tools and methods used to deal with information stored in smartphones and tablets.