Mobile Forensics Cookbook

Product type: Book
Published: Dec 2017
ISBN-13: 9781785282058
Pages: 302
Edition: 1st Edition
Author: Igor Mikhaylov

Table of Contents (18) Chapters

Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
1. SIM Card Acquisition and Analysis
2. Android Device Acquisition
3. Apple Device Acquisition
4. Windows Phone and BlackBerry Acquisition
5. Clouds are Alternative Data Sources
6. SQLite Forensics
7. Understanding Plist Forensics
8. Analyzing Physical Dumps and Backups of Android Devices
9. iOS Forensics
10. Windows Phone and BlackBerry Forensics
11. JTAG and Chip-off Techniques

Preface

Mobile devices (such as phones, smartphones, tablets, and other electronic gadgets) are everywhere in our lives, and we use them every day. Users increasingly rely on mobile devices to communicate with other people, and not just through voice calls: they also communicate through various instant messaging applications (such as Skype, iChat, WhatsApp, and Viber) and social networking applications (such as Facebook).

Usually, mobile devices contain a lot of personal data about their owners.

In this book, we will deal with forensic tools for mobile forensics and practical tips and tricks for successfully using them.

What this book covers

Chapter 1, SIM Card Acquisition and Analysis, will guide you through SIM card acquisition and analysis with TULP2G, MOBILedit Forensic, Oxygen Forensic, and Simcon. You will also learn how to analyze SIM cards with TULP2G, MOBILedit Forensic, Oxygen Forensic, and Simcon. 

Chapter 2, Android Device Acquisition, will teach you how to acquire data from Android devices with Oxygen Forensic, MOBILedit Forensic, Belkasoft Acquisition Tool, Magnet Acquire, and Smart Switch.

Chapter 3, Apple Device Acquisition, will teach you the acquisition of different iOS devices. You will learn how to acquire data from iOS devices with Oxygen Forensic, libimobiledevice, Elcomsoft iOS Toolkit, and iTunes.

Chapter 4, Windows Phone and BlackBerry Acquisition, will explain the acquisition of different Windows Phone devices and BlackBerry devices. You will also learn how to acquire data from Windows Phone devices and BlackBerry devices with Oxygen Forensic, BlackBerry Desktop Software, and UFED 4PC.

Chapter 5, Clouds are Alternative Data Sources, will deal with the acquisition of data from clouds. In this chapter, you will learn how to acquire data from clouds with Cloud Extractor, Electronic Evidence Examiner, Elcomsoft Phone Breaker, and Belkasoft Evidence Center.

Chapter 6, SQLite Forensics, will teach you how to analyze SQLite databases. Also, you will learn how to extract and analyze data from SQLite databases with Belkasoft Evidence Center, DB Browser for SQLite, Oxygen Forensic SQLite Viewer, and SQLite Wizard.

Chapter 7, Understanding Plist Forensics, will help you to analyze plist files. You will learn how to extract and analyze data from plist files with Apple Plist Viewer, Belkasoft Evidence Center, plist Editor Pro, and Plist Explorer.

Chapter 8, Analyzing Physical Dumps and Backups of Android Devices, will teach you how to analyze data (physical dumps, backups, and so on) from Android devices. Also, you will learn how to extract and analyze the data with Autopsy, Oxygen Forensic, Belkasoft Evidence Center, Magnet AXIOM, and Encase Forensic.

Chapter 9, iOS Forensics, will explain how to analyze data from iOS devices. You will learn how to extract and analyze the data with iPhone Backup Extractor, UFED Physical Analyzer, BlackLight, Oxygen Forensic, Belkasoft Evidence Center, Magnet AXIOM, Encase Forensic, and Elcomsoft Phone Viewer.

Chapter 10, Windows Phone and BlackBerry Forensics, will teach you how to analyze data from Windows Phone devices and BlackBerry devices. You will learn how to extract and analyze the data with Elcomsoft Blackberry Backup Explorer Pro, Oxygen Forensic, and UFED Physical Analyzer.

Chapter 11, JTAG and Chip-off Techniques, will show you how to extract data from locked or damaged Android devices, Windows Phone devices, and Apple devices.

What you need for this book

The following software is required for this book:

  • AccessData FTK Imager
  • Autopsy
  • Belkasoft Acquisition
  • Belkasoft Evidence Center
  • BlackBerry Desktop Software
  • BlackLight
  • Cellebrite UFED4PC
  • DB Browser for SQLite
  • Elcomsoft Blackberry Backup Explorer Pro
  • Elcomsoft iOS Toolkit
  • Elcomsoft Phone Breaker
  • Elcomsoft Phone Viewer
  • Encase Forensic
  • iPhone Backup Extractor
  • iThmb Converter
  • iTunes
  • libimobiledevice
  • Magnet AXIOM
  • Magnet Acquire
  • MOBILedit Forensic
  • Oxygen Software
  • Paraben Electronic Evidence Examiner
  • PC 3000 Flash
  • Plist Editor Pro
  • Plist Explorer
  • SIMCon
  • Smart Switch
  • ThumbExpert
  • TULP2G
  • UFED Physical Analyzer
  • Z3X EasyJtag BOX JTAG Classic Suite

Most of the commercial tools in this list have trial versions available that can be downloaded for free. Download links are provided in the chapters.

Who this book is for

If you are a mobile forensic analyst, forensic analyst, or digital forensic student who wants to conduct mobile forensic investigations on different platforms, such as Android OS, iOS, Windows Phone, or BlackBerry OS, then this book is for you.

Sections

In this book, you will find several headings that appear frequently (Getting ready, How to do it…, How it works…, There's more…, and See also). To give clear instructions on how to complete a recipe, we use these sections as follows:

Getting ready

This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.

How to do it…

This section contains the steps required to follow the recipe.

How it works…

This section usually consists of a detailed explanation of what happened in the previous section.

There's more…

This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning. Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "On the TULP2G download page (https://sourceforge.net/projects/tulp2g/files/), select the TULP2G-installer-1.4.0.4.msi file and download it."

A block of code is set as follows:

;Google Nexus One
%SingleAdbInterface%        = USB_Install, USB\VID_18D1&PID_0D02
%CompositeAdbInterface%     = USB_Install, USB\VID_18D1&PID_0D02&MI_01
%SingleAdbInterface%        = USB_Install, USB\VID_18D1&PID_4E11
%CompositeAdbInterface%     = USB_Install, USB\VID_18D1&PID_4E12&MI_01

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "When the program is launched, click on the Open Profile... button."

Note

Warnings or important notes appear like this.

Note

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book: what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply email feedback@packtpub.com, and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books (maybe a mistake in the text or the code), we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title. To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear in the Errata section.

Piracy

Piracy of copyrighted material on the internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the internet, please provide us with the location address or website name immediately so that we can pursue a remedy. Please contact us at copyright@packtpub.com with a link to the suspected pirated material. We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at questions@packtpub.com, and we will do our best to address the problem.
