Practical Mobile Forensics: A hands-on guide to mastering mobile forensics for the iOS, Android, and the Windows Phone platforms
The exponential growth in smartphones has revolutionized several aspects of our lives. Smartphones are one of the most quickly adopted consumer technologies in recent history. Despite their small size, smartphones are capable of performing many tasks, such as sending private messages and confidential emails, taking photos and videos, making online purchases, viewing sensitive information such as medical records and salary slips, completing banking transactions, accessing social networking sites, and managing business tasks. Hence, a mobile device is now a huge repository of sensitive data, which could provide a wealth of information about its owner. This has in turn led to the evolution of mobile device forensics, a branch of digital forensics, which deals with retrieving data from a mobile device. Today, there is a huge demand for specialized forensic experts, especially given the fact that the data retrieved from a mobile device is court-admissible. Mobile forensics is all about using scientific methodologies to recover data stored within a mobile phone for legal purposes. Unlike traditional computer forensics, mobile forensics has limitations in obtaining evidence due to rapid changes in technology and the fast-paced evolution of mobile software. With different operating systems and a wide range of models being released onto the market, mobile forensics has expanded over the past few years. Specialized forensic techniques and skills are required in order to extract data under different conditions. This book takes you through various techniques to help you learn how to forensically recover data from different mobile devices with the iOS, Android, and Windows Mobile operating systems. This book also covers behind the scenes details, such as how data is stored and what tools actually do in the background, giving you deeper knowledge on several topics. Step-by-step instructions enable you to try forensically recovering data yourself. The book is organized in a manner that allows you to focus independently on chapters that are specific to your required platform.
Who this book is for This book is intended for forensic examiners with little or basic experience in mobile forensics or open source solutions for mobile forensics. The book will also be useful to computer security professionals, researchers, and anyone seeking a deeper understanding of mobile internals. It will also come in handy for those who are trying to recover accidentally deleted data (photos, contacts, SMS messages, and more). What this book covers Chapter 1, Introduction to Mobile Forensics, introduces you to the concepts of mobile forensics, the core values, and the challenges involved. The chapter also provides an overview of practical approaches and best practices involved in performing mobile forensics. Chapter 2, Understanding the Internals of iOS Devices, provides an overview of the popular Apple iOS devices, including an outline of different models and their hardware. The book explains iOS security features and device security and its impact on iOS forensics approaches, focusing on iOS 9-11. The chapter also gives an overview of the HFS+ and APFS filesystems and outlines the sensitive files that are useful for forensic examination. Chapter 3, Data Acquisition from iOS Devices, covers various types of forensic acquisition methods that can be performed on iOS devices, including logical, filesystem, and physical, and guides you to prepare your desktop machine for forensic work. The chapter also discusses passcode bypass techniques. Chapter 4, Data Acquisition from iOS Backups, provides detailed explanations of modern iOS backups and details what types of files are stored in a backup. The chapter also includes step-by-step guides on creating encrypted and unencrypted backups and introduces forensic tools capable of recovering data from backups. Chapter 5, iOS Data Analysis and Recovery, discusses the types of data that is stored on iOS devices and its most common locations in the filesystem. Common file types used in iOS devices, such as plists and SQLite databases, are discussed in detail in order to provide an understanding of how data is stored on a device, which will help forensic examiners to efficiently recover data from those files.
Chapter 6, iOS Forensic Tools, introduces you to the most widely used commercial mobile forensic suites, Cellebrite UFED, Belkasoft Evidence Center, Magnet AXIOM, and Oxygen Forensic Detective, and contains step-by-step guides on how to use them in mobile forensic examinations.
0 comments:
Publicar un comentario