Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Practical Mobile Forensics
  • Table Of Contents Toc
  • Feedback & Rating feedback
Practical Mobile Forensics

Practical Mobile Forensics

By : Rohit Tamma, Oleg Skulkin, Mahalik, Satish Bommisetty
4.3 (9)
Buy this Book
close
close
Practical Mobile Forensics

Practical Mobile Forensics

4.3 (9)
By: Rohit Tamma, Oleg Skulkin, Mahalik, Satish Bommisetty
Buy this Book

Overview of this book

Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This updated fourth edition of Practical Mobile Forensics delves into the concepts of mobile forensics and its importance in today's world. The book focuses on teaching you the latest forensic techniques to investigate mobile devices across various mobile platforms. You will learn forensic techniques for multiple OS versions, including iOS 11 to iOS 13, Android 8 to Android 10, and Windows 10. The book then takes you through the latest open source and commercial mobile forensic tools, enabling you to analyze and retrieve data effectively. From inspecting the device and retrieving data from the cloud, through to successfully documenting reports of your investigations, you'll explore new techniques while building on your practical knowledge. Toward the end, you will understand the reverse engineering of applications and ways to identify malware. Finally, the book guides you through parsing popular third-party applications, including Facebook and WhatsApp. By the end of this book, you will be proficient in various mobile forensic techniques to analyze and extract data from mobile devices with the help of open source solutions.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Disclaimer
Icon
Get in touch
1
Introduction to Mobile Forensics
Icon
Introduction to Mobile Forensics
Icon
The need for mobile forensics
Icon
Understanding mobile forensics
Icon
Challenges in mobile forensics
Icon
The mobile phone evidence extraction process
Icon
Practical mobile forensic approaches
Icon
Potential evidence stored on mobile phones
Icon
Examination and analysis
Icon
Rules of evidence
Icon
Good forensic practices
Icon
Summary
Free Chapter
2
Section 1: iOS Forensics
Icon
Section 1: iOS Forensics
3
Understanding the Internals of iOS Devices
Icon
Understanding the Internals of iOS Devices
Icon
iPhone models and hardware
Icon
iPad models and hardware
Icon
The HFS Plus and APFS filesystems
Icon
The iPhone OS
Icon
Summary
4
Data Acquisition from iOS Devices
Icon
Data Acquisition from iOS Devices
Icon
Operating modes of iOS devices
Icon
Password protection and potential bypasses
Icon
Logical acquisition
Icon
Filesystem acquisition
Icon
Summary
5
Data Acquisition from iOS Backups
Icon
Data Acquisition from iOS Backups
Icon
Working with iTunes backups
Icon
Creating and analyzing backups with iTunes
Icon
Extracting unencrypted backups
Icon
Handling encrypted backup files
Icon
Working with iCloud backups
Icon
Summary
6
iOS Data Analysis and Recovery
Icon
iOS Data Analysis and Recovery
Icon
Interpreting iOS timestamps
Icon
Working with SQLite databases
Icon
Key artifacts – important iOS database files
Icon
Property lists
Icon
Other important files
Icon
Recovering deleted SQLite records
Icon
Summary
7
iOS Forensic Tools
Icon
iOS Forensic Tools
Icon
Working with Cellebrite UFED Physical Analyzer
Icon
Working with Magnet AXIOM
Icon
Working with Belkasoft Evidence Center
Icon
Working with Elcomsoft Phone Viewer
Icon
Summary
8
Section 2: Android Forensics
Icon
Section 2: Android Forensics
9
Understanding Android
Icon
Understanding Android
Icon
The evolution of Android
Icon
The Android architecture
Icon
Android security
Icon
The Android file hierarchy
Icon
The Android filesystem
Icon
Summary
10
Android Forensic Setup and Pre-Data Extraction Techniques
Icon
Android Forensic Setup and Pre-Data Extraction Techniques
Icon
Setting up a forensic environment for Android
Icon
Connecting an Android device to a workstation
Icon
Screen lock bypassing techniques
Icon
Gaining root access
Icon
Summary
11
Android Data Extraction Techniques
chevron up
Icon
Android Data Extraction Techniques
Icon
Understanding data extraction techniques
Icon
Manual data extraction
Icon
Logical data extraction
Icon
Physical data extraction
Icon
Summary
12
Android Data Analysis and Recovery
Icon
Android Data Analysis and Recovery
Icon
Analyzing and extracting data from Android image files using the Autopsy tool
Icon
Understanding techniques to recover deleted files from the SD card and the internal memory
Icon
Summary
13
Android App Analysis, Malware, and Reverse Engineering
Icon
Android App Analysis, Malware, and Reverse Engineering
Icon
Analyzing widely used Android apps to retrieve valuable data
Icon
Techniques to reverse engineer an Android application
Icon
Android malware
Icon
Summary
14
Section 3: Windows Forensics and Third-Party Apps
Icon
Section 3: Windows Forensics and Third-Party Apps
15
Windows Phone Forensics
Icon
Windows Phone Forensics
Icon
Windows Phone OS
Icon
Windows 10 Mobile security model
Icon
Windows Phone filesystem
Icon
Data acquisition
Icon
Commercial forensic tool acquisition methods
Icon
Extracting data without the use of commercial tools
Icon
Key artifacts for examination
Icon
Summary
16
Parsing Third-Party Application Files
Icon
Parsing Third-Party Application Files
Icon
Introduction to third-party applications
Icon
iOS, Android, and Windows Phone application data storage
Icon
Forensic methods used to extract third-party application data
Icon
Summary
17
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Summary

This chapter covered various manual, logical, and physical data extraction techniques. We learned when and how to apply these techniques during the course of an investigation. Logical techniques extract data by interacting with the device using tools such as ADB. Physical techniques, on the other hand, access a larger set of data; they are complex and require a great deal of expertise to perform. Imaging a device produces a bit-by-bit image of the device, which is later analyzed using tools. Imaging a device is one of the primary steps to ensure that the data on the device is not modified. Android 7.0 and above poses a new challenge to forensic investigators by bringing in new security features and file paths that may limit acquisition. With this knowledge, you can perform device acquisition to extract relevant data from an Android device.

In the next chapter, we will...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Chapter 11
Next Chapter

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY