Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mobile Forensics Cookbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mobile Forensics Cookbook

Mobile Forensics Cookbook

By : Mikhaylov
5 (1)
Buy this Book
close
close
Mobile Forensics Cookbook

Mobile Forensics Cookbook

5 (1)
By: Mikhaylov
Buy this Book

Overview of this book

Considering the emerging use of mobile phones, there is a growing need for mobile forensics. Mobile forensics focuses specifically on performing forensic examinations of mobile devices, which involves extracting, recovering and analyzing data for the purposes of information security, criminal and civil investigations, and internal investigations. Mobile Forensics Cookbook starts by explaining SIM cards acquisition and analysis using modern forensics tools. You will discover the different software solutions that enable digital forensic examiners to quickly and easily acquire forensic images. You will also learn about forensics analysis and acquisition on Android, iOS, Windows Mobile, and BlackBerry devices. Next, you will understand the importance of cloud computing in the world of mobile forensics and understand different techniques available to extract data from the cloud. Going through the fundamentals of SQLite and Plists Forensics, you will learn how to extract forensic artifacts from these sources with appropriate tools. By the end of this book, you will be well versed with the advanced mobile forensics techniques that will help you perform the complete forensic acquisition and analysis of user data stored in different devices.
Table of Contents (12 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Sections
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Free Chapter
1
SIM Card Acquisition and Analysis
Icon
SIM Card Acquisition and Analysis
Icon
Introduction
Icon
SIM card acquisition and analysis with TULP2G
Icon
SIM card acquisition and analysis with MOBILedit Forensics
Icon
SIM card acquisition and analysis with SIMCon
Icon
SIM card acquisition and analysis with Oxygen Forensic
2
Android Device Acquisition
Icon
Android Device Acquisition
Icon
Introduction
Icon
Preparatory work
Icon
Android device acquisition with Oxygen Forensic
Icon
Android device acquisition with MOBILedit Forensic
Icon
Android device acquisition with Belkasoft Acquisition Tool
Icon
Android device acquisition with Magnet Aсquire
Icon
Making physical dumps of Android device without rooting
Icon
Unlocking locked Android device
Icon
Acquiring Android device through Wi-Fi
Icon
Samsung Android device acquisition with Smart Switch
3
Apple Device Acquisition
Icon
Apple Device Acquisition
Icon
Introduction
Icon
Apple device acquisition with Oxygen Forensics
Icon
Apple device acquisition with libmobiledevice
Icon
Apple device acquisition with Elcomsoft iOS Toolkit
Icon
Apple device acquisition with iTunes
Icon
Unlocking a locked Apple device
4
Windows Phone and BlackBerry Acquisition
Icon
Windows Phone and BlackBerry Acquisition
Icon
Introduction
Icon
BlackBerry acquisition with Oxygen Forensic
Icon
BlackBerry acquisition with BlackBerry Desktop Software
Icon
Windows Phone acquisition with Oxygen Forensic
Icon
Windows Phone acquisition with UFED 4PC
5
Clouds are Alternative Data Sources
Icon
Clouds are Alternative Data Sources
Icon
Introduction
Icon
Using Cloud Extractor to extract data from Android devices from the cloud
Icon
Using Electronic Evidence Examiner to extract data from a Facebook account
Icon
Using Elcomsoft Phone Breaker to extract data from iCloud
Icon
Using Belkasoft Evidence Center to extract data from iCloud
6
SQLite Forensics
Icon
SQLite Forensics
Icon
Introduction
Icon
Parsing SQLite databases with Belkasoft Evidence Center
Icon
Parsing SQLite databases with DB Browser for SQLite
Icon
Parsing SQLite databases with Oxygen Forensic SQLite Viewer
Icon
Parsing SQLite databases with SQLite Wizard
7
Understanding Plist Forensics
Icon
Understanding Plist Forensics
Icon
Introduction
Icon
Parsing plist with Apple Plist Viewer
Icon
Parsing plist with Belkasoft Evidence Center
Icon
Parsing plist with plist Editor Pro
Icon
Parsing plist with Plist Explorer
8
Analyzing Physical Dumps and Backups of Android Devices
Icon
Analyzing Physical Dumps and Backups of Android Devices
Icon
Introduction
Icon
Android physical dumps and backups parsing with Autopsy
Icon
Android TOT container parsing with Oxygen Forensics
Icon
Android backups parsing with Belkasoft Evidence Center
Icon
Android physical dumps and backups parsing with AXIOM
Icon
Android physical dumps parsing with Encase Forensic
Icon
Thumbnails analysis with ThumbnailExpert
9
iOS Forensics
chevron up
Icon
iOS Forensics
Icon
Introduction
Icon
iOS backup parsing with iPhone Backup Extractor
Icon
iOS backup parsing with UFED Physical Analyzer
Icon
iOS backup parsing with BlackLight
Icon
iOS physical dump and backup parsing with Oxygen Forensic
Icon
iOS backup parsing with Belkasoft Evidence Center
Icon
iOS backup parsing with AXIOM
Icon
iOS backup parsing with Encase Forensic
Icon
iOS backup parsing with Elcomsoft Phone Viewer
Icon
Thumbnail analysis with iThmb Converter
10
Windows Phone and BlackBerry Forensics
Icon
Windows Phone and BlackBerry Forensics
Icon
Introduction
Icon
BlackBerry backup parsing with Elcomsoft Blackberry Backup Explorer Pro
Icon
BlackBerry backup parsing with Oxygen Forensic
Icon
Windows Phone physical dump and backup parsing with Oxygen Forensic
Icon
Windows Phone physical dump parsing with UFED Physical Analyzer
11
JTAG and Chip-off Techniques
Icon
JTAG and Chip-off Techniques
Icon
Introduction
Icon
A sample Android device JTAG
Icon
A sample Android device chip-off
Icon
A sample Windows Phone device JTAG
Icon
A sample iPhone device chip-off

iOS backup parsing with Encase Forensic

The Encase Forensic program has already been described in Chapter 8, Analyzing Physical Dumps and Backups of Android Devices. In this recipe, we will describe how to analyze an iTunes backup via Encase Forensic.

How to do it…

  1. Double-click the icon of the program. Pay attention to the title of the program window when it starts. If the title of the program window says Encase Forensic, then the program runs in full-function mode. If the title of the window says Encase Acquire, it means that the program did not find the license.
  2. To get started, you will need to create a new case. In the program’s toolbar, select Case | New Case .... In the opened Options window, fill in the Name field and click the OK button. Then, in the toolbar, select Add Evidence | Acquire MobileAcquire From File….

Appearance of the Add Evidence drop-down menu

  1. In the opened Output File Settings, fill in the following fields: Notes, Evidence Number, and Examiner Name. Specify the path...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 8
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY