For encrypted backups, the backup files are encrypted using the AES256 algorithm in the CBC mode, with a unique key and a null initialization vector (IV). The unique file keys are protected with a set of class keys from the Backup keybag. The class keys in the Backup keybag are protected with a key derived from the password set in iTunes through 10,000 iterations of Password-Based Key Derivation Function 2 (PBKDF2). Both open source and commercial tools provide support for encrypted backup file parsing if the password is known. Some tools won't even prompt for a password, which makes them useless in a forensic investigation. Other tools will attempt to crack the password.
Practical Mobile Forensics
By :
Practical Mobile Forensics
By:
Overview of this book
Covering up-to-date mobile platforms, this book will focuses on teaching you the most recent techniques for investigating mobile devices. We delve mobile forensics techniques in iOS 9-11, Android 7-8 devices, and Windows 10. We will demonstrate the latest open source and commercial mobile forensics tools, enabling you to analyze and retrieve data effectively. You will learn how to introspect and retrieve data from the cloud, and document and prepare reports of your investigations.
By the end of this book, you will have mastered the current operating systems and the relevant techniques to recover data from mobile devices by leveraging open source solutions.
Table of Contents (14 chapters)
Free Chapter
Introduction to Mobile Forensics
Understanding the Internals of iOS Devices
Data Acquisition from iOS Devices
Data Acquisition from iOS Backups
iOS Data Analysis and Recovery
iOS Forensic Tools
Understanding Android
Android Forensic Setup and Pre-Data Extraction Techniques
Android Data Extraction Techniques
Android Data Analysis and Recovery
Android App Analysis, Malware, and Reverse Engineering
Windows Phone Forensics
Parsing Third-Party Application Files
Other Books You May Enjoy
How would like to rate this book
Customer Reviews
