Imperial Library
Index

Title Page
Copyright and Credits
  Practical Mobile Forensics Fourth Edition
About Packt
  Why subscribe?
Contributors
  About the authors
  About the reviewers
  Packt is searching for authors like you
Preface
  Who this book is for
  What this book covers
  To get the most out of this book
    Download the color images
    Conventions used
  Disclaimer
  Get in touch
    Reviews

Introduction to Mobile Forensics
  The need for mobile forensics
  Understanding mobile forensics
  Challenges in mobile forensics
  The mobile phone evidence extraction process
    The evidence intake phase
    The identification phase
      The legal authority
      Data that needs to be extracted
      The make, model, and identifying information for the device
      Data storage media
      Other sources of potential evidence
    The preparation phase
    The isolation phase
    The processing phase
    The verification phase
    The documenting and reporting phase
    The archiving phase
  Practical mobile forensic approaches
    Understanding mobile operating systems
      Android
      iOS
      Windows Phone
    Mobile forensic tool leveling system
      Manual extraction
      Logical analysis
      Hex dump
      Chip-off
      Micro read
    Data acquisition methods
      Physical acquisition
      Logical acquisition
      Manual acquisition
  Potential evidence stored on mobile phones
  Examination and analysis
  Rules of evidence
  Good forensic practices
    Securing the evidence
    Preserving the evidence
    Documenting the evidence and changes
    Reporting
  Summary

Section 1: iOS Forensics

Understanding the Internals of iOS Devices
  iPhone models and hardware
    Identifying the correct hardware model
    Understanding the iPhone hardware
  iPad models and hardware
    Understanding the iPad hardware
  The HFS Plus and APFS filesystems
    The HFS Plus filesystem
      The HFS Plus volume
    The APFS filesystem
      The APFS structure
  Disk layout
  The iPhone OS
    The iOS architecture
    iOS security
      Passcodes, Touch ID, and Face ID
      Code signing
      Sandboxing
      Encryption
      Data protection
      Address Space Layout Randomization (ASLR)
      Privilege separation
      Stack-smashing protection
      Data Execution Prevention (DEP)
      Data wiping
      Activation Lock
    The App Store
    Jailbreaking
  Summary

Data Acquisition from iOS Devices
  Operating modes of iOS devices
    Normal mode
    Recovery mode
    DFU mode
  Setting up the forensic environment
  Password protection and potential bypasses
  Logical acquisition
    Practical logical acquisition with libimobiledevice
    Practical logical acquisition with the Belkasoft Acquisition Tool
    Practical logical acquisition with Magnet ACQUIRE
  Filesystem acquisition
    Practical jailbreaking
    Practical filesystem acquisition with free tools
    Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit
  Summary

Data Acquisition from iOS Backups
  Working with iTunes backups
    Creating and analyzing backups with iTunes
    Understanding the backup structure
      info.plist
      manifest.plist
      status.plist
      manifest.db
  Extracting unencrypted backups
    iBackup Viewer
    iExplorer
  Handling encrypted backup files
    Elcomsoft Phone Breaker
  Working with iCloud backups
    Extracting iCloud backups
  Summary

iOS Data Analysis and Recovery
  Interpreting iOS timestamps
    Unix timestamps
    Mac absolute time
    WebKit/Chrome time
  Working with SQLite databases
    Connecting to a database
    Exploring SQLite special commands
    Exploring standard SQL queries
    Accessing a database using commercial tools
  Key artifacts – important iOS database files
    Address book contacts
    Address book images
    Call history
    Short Message Service (SMS) messages
    Calendar events
    Notes
    Safari bookmarks and history
    Voicemail
    Recordings
    Device interaction
    Phone numbers
  Property lists
    Important plist files
  Other important files
    Local dictionary
    Photos
    Thumbnails
    Wallpaper
    Downloaded third-party applications
  Recovering deleted SQLite records
  Summary

iOS Forensic Tools
  Working with Cellebrite UFED Physical Analyzer
    Features of Cellebrite UFED Physical Analyzer
    Advanced logical acquisition and analysis with Cellebrite UFED Physical Analyzer
  Working with Magnet AXIOM
    Features of Magnet AXIOM
    Logical acquisition and analysis with Magnet AXIOM
  Working with Belkasoft Evidence Center
    Features of Belkasoft Evidence Center
    Logical acquisition and analysis with Belkasoft Evidence Center
  Working with Elcomsoft Phone Viewer
    Features of Elcomsoft Phone Viewer
    Filesystem analysis with Elcomsoft Phone Viewer
  Summary

Section 2: Android Forensics

Understanding Android
  The evolution of Android
  The Android architecture
    The Linux kernel layer
    The Hardware Abstraction Layer
    Libraries
    Dalvik Virtual Machine (DVM)
    ART
    The Java API framework layer
    The system apps layer
  Android security
    Secure kernel
    The permission model
    Application sandbox
    Secure IPC
    Application signing
    Security-Enhanced Linux (SELinux)
    FDE
    Android Keystore
    TEE
    Verified Boot
  The Android file hierarchy
  The Android filesystem
    Viewing filesystems on an Android device
    Common filesystems found on Android
      Flash memory filesystems
      Media-based filesystems
      Pseudo filesystems
  Summary

Android Forensic Setup and Pre-Data Extraction Techniques
  Setting up a forensic environment for Android
    Installing the software
    Installing the Android platform tools
    Creating an Android virtual device
  Connecting an Android device to a workstation
    Identifying the device cable
    Installing device drivers
    Accessing the connected device
    The Android debug bridge
    USB debugging
    Accessing the device using adb
      Detecting connected devices
      Killing the local ADB server
      Accessing the adb shell
      Basic Linux commands
  Handling an Android device
  Screen lock bypassing techniques
    Using ADB to bypass the screen lock
    Deleting the gesture.key file
    Updating the settings.db file
    Checking for the modified recovery mode and ADB connection
    Flashing a new recovery partition
    Using automated tools
    Using Android Device Manager
    Bypass using Find My Mobile (for Samsung phones only)
    Smudge attack
    Using the forgot password/forgot pattern option
    Bypassing third-party lock screens by booting into safe mode
    Secure USB debugging bypass using ADB keys
    Secure USB debugging bypass in Android 4.4.2
    Crashing the lock screen UI in Android 5.x
    Other techniques
  Gaining root access
    What is rooting?
    Understanding the rooting process
    Rooting an Android device
    Root access - ADB shell
  Summary

Android Data Extraction Techniques
  Understanding data extraction techniques
  Manual data extraction
  Logical data extraction
    ADB pull data extraction
    Using SQLite Browser to view the data
      Extracting device information
      Extracting call logs
      Extracting SMS/MMS
      Extracting browser history information
    Analysis of social networking/IM chats
    ADB backup extraction
    ADB dumpsys extraction
    Using content providers
  Physical data extraction
    Imaging an Android phone
    Imaging a memory (SD) card
    Joint Test Action Group
    The chip-off technique
  Summary

Android Data Analysis and Recovery
  Analyzing and extracting data from Android image files using the Autopsy tool
    The Autopsy platform
      Adding an image to Autopsy
      Analyzing an image using Autopsy
  Understanding techniques to recover deleted files from the SD card and the internal memory
    Recovering deleted data from an external SD card
    Recovering data deleted from the internal memory
    Recovering deleted files by parsing SQLite files
    Recovering files using file-carving techniques
    Recovering contacts using your Google account
  Summary

Android App Analysis, Malware, and Reverse Engineering
  Analyzing widely used Android apps to retrieve valuable data
    Facebook Android app analysis
    WhatsApp Android app analysis
    Skype Android app analysis
    Gmail Android app analysis
    Google Chrome Android app analysis
  Techniques to reverse engineer an Android application
    Extracting an APK file from an Android device
    Steps to reverse engineer Android apps
  Android malware
    Types of Android malware
    How does Android malware spread?
    Identifying Android malware
  Summary

Section 3: Windows Forensics and Third-Party Apps

Windows Phone Forensics
  Windows Phone OS
  Windows 10 Mobile security model
    Chambers
    Encryption
    Capability-based model
    App sandboxing
  Windows Phone filesystem
  Data acquisition
    Commercial forensic tool acquisition methods
    Extracting data without the use of commercial tools
    SD card data extraction methods
  Key artifacts for examination
    Extracting contacts and SMS
    Extracting call history
    Extracting internet history
  Summary

Parsing Third-Party Application Files
  Introduction to third-party applications
    Chat applications
    GPS applications
    Secure applications
    Financial applications
    Social networking applications
    Encoding versus encryption
  iOS, Android, and Windows Phone application data storage
    iOS applications
    Android applications
    Windows Phone applications
  Forensic methods used to extract third-party application data
    Commercial tools
      Oxygen Forensic Detective
      Magnet AXIOM
      UFED Physical Analyzer
    Open source/free tools
      Working with Autopsy
      Other methods of extracting application data
  Summary

Other Books You May Enjoy
  Leave a review - let other readers know what you think