Learning iOS Forensics

A practical hands-on guide to acquire and analyze iOS devices with the latest forensic techniques and tools

Mattia Epifani, Pasquale Stirparo

Book Details

ISBN 13: 9781783553518
Paperback: 220 pages

Book Description

Mobile device forensics relates to the recovery of data from a mobile device. It has an impact on many different situations including criminal investigations and intelligence gathering. iOS devices, with their wide range of functionality and usability, have become one of the mobile market leaders. Millions of people often depend on iOS devices for storing sensitive information, leading to a rise in cybercrime. This has increased the need to successfully retrieve this information from these devices if stolen or lost.

Learning iOS Forensics will give you an insight into the forensic activities you can perform on iOS devices. You will begin with simple concepts such as identifying the specific iOS device and the operating system version, and then move on to complex topics such as analyzing the different recognized techniques to acquire the content of the device. Throughout the journey, you will gain knowledge of the best way to extract most of the information, bypassing the protection passcode where necessary. After that, you, the examiner, will be taken through the steps to analyze the data. The book will also give you an overview of how to analyze malicious applications created to steal user credentials and data.

Table of Contents

Chapter 1: Digital and Mobile Forensics
  • Digital forensics
  • Mobile forensics
  • Digital evidence
  • Identification, collection, and preservation of evidence
  • Going operational – from acquisition to reporting
  • SIM cards
  • Summary
  • Self-test questions

Chapter 2: Introduction to iOS Devices
  • iOS devices
  • iOS devices matrix
  • iOS operating system
  • iDevice identification
  • iOS file system
  • Summary
  • Self-test questions

Chapter 3: Evidence Acquisition from iDevices
  • iOS boot process and operating modes
  • iOS data security
  • Unique device identifier
  • Lockdown certificate
  • Search and seizure
  • iOS device acquisition
  • The iOS device jailbreaking
  • Apple support for law enforcement
  • Search and seizure flowchart
  • Extraction flowchart
  • Summary
  • Self-test questions

Chapter 4: Analyzing iOS Devices
  • How data are stored
  • The iOS configuration files
  • Native iOS apps
  • Other iOS forensics traces
  • Third-party application analysis
  • Deleted data recovery
  • Case study – iOS analysis with Oxygen Forensics Suite 2014
  • Summary
  • Self-test questions

Chapter 5: Evidence Acquisition and Analysis from iTunes Backup
  • iTunes backup
  • iTunes backup structure
  • iTunes backup data extraction
  • Encrypted iTunes backup cracking
  • Summary
  • Self-test questions

Chapter 6: Evidence Acquisition and Analysis from iCloud
  • iCloud
  • iDevice backup on iCloud
  • iDevice backup acquisition
  • iCloud Control Panel artifacts on the computer
  • Summary
  • Self-test questions

Chapter 7: Applications and Malware Analysis
  • Setting up the environment
  • Application analysis
  • Automating the analysis
  • Summary
  • Self-test questions

What You Will Learn

  • Identify an iOS device among various models (iPhone, iPad, and iPod Touch) and verify the iOS version installed
  • Crack or bypass the passcode protection chosen by the user
  • Acquire detailed physical or logical info of an iOS device
  • Retrieve extra information from side channel data leaks
  • Recover information from a local backup and, if needed, crack the backup password
  • Download backup information stored on iCloud
  • Analyze the system, user, and third-party information from a device, backup, or iCloud
  • Examine malicious apps to identify the stolen data and credentials
