Mobile Forensics - Advanced Investigative Strategies

Master powerful strategies to acquire and analyze evidence from real-life scenarios

Oleg Afonin, Vladimir Katalov


Book Details

ISBN 13: 9781786464484
Paperback: 412 pages

Book Description

Investigating digital media is impossible without forensic tools. Dealing with complex forensic problems requires the use of dedicated tools, and even more importantly, the right strategies. In this book, you’ll learn strategies and methods to deal with information stored on smartphones and tablets and see how to put the right tools to work.

We begin by helping you understand the concept of mobile devices as a source of valuable evidence. Throughout this book, you will explore strategies and "plays" and decide when to use each technique. We cover important techniques such as seizing techniques to shield the device, and acquisition techniques including physical acquisition (via a USB connection), logical acquisition via data backups, and over-the-air acquisition. We also explore cloud analysis, evidence discovery and data analysis, tools for mobile forensics, and tools to help you discover and analyze evidence.

By the end of the book, you will have a better understanding of the tools and methods used to deal with the challenges of acquiring, preserving, and extracting evidence stored on smartphones, tablets, and the cloud.

Table of Contents

Chapter 1: Introducing Mobile Forensics
Why we need mobile forensics
Available information
Stages of mobile forensics
Summary
Chapter 2: Acquisition Methods Overview
Over-the-air acquisition
Logical acquisition (backup analysis)
Physical acquisition
JTAG
Chip-off
In-system programming
Summary
Chapter 3: Acquisition – Approaching Android Devices
Android platform fragmentation
AOSP, GMS, and their forensic implications
Summary
Chapter 4: Practical Steps to Android Acquisition
Android physical acquisition
Approaching physical acquisition
Live imaging
Google Account acquisition – over-the-air
Summary
Chapter 5: iOS – Introduction and Physical Acquisition
iOS forensics – introduction
Tutorial – physical acquisition with Elcomsoft iOS Forensic Toolkit
Summary
Chapter 6: iOS Logical and Cloud Acquisition
Understanding backups - local, cloud, encrypted and unencrypted
Encrypted versus unencrypted iTunes backups
Breaking backup passwords
A fast CPU and a faster video card
Knowing the user helps breaking the password
Tutorial - logical acquisition with Elcomsoft Phone Breaker
Elcomsoft Phone Breaker on a Mac, inside a virtual PC, or via RDP
iOS Cloud forensics - over-the-air acquisition
Tutorial - cloud acquisition with Elcomsoft Phone Breaker
Downloading iCloud/iCloud Drive backups - using authentication tokens
Extracting authentication tokens
Two-factor authentication
What next?
Summary
Chapter 7: Acquisition – Approaching Windows Phone and Windows 10 Mobile
Windows Phone security model
Windows Phone physical acquisition
JTAG forensics on Windows Phone 8.x and Windows 10 Mobile
Windows Phone 8/8.1 and Windows 10 Mobile cloud forensics
Acquiring Windows Phone backups over the air
Summary
Chapter 8: Acquisition – Approaching Windows 8, 8.1, 10, and RT Tablets
Windows 8, 8.1, 10, and RT on portable touchscreen devices
Acquisition of Windows tablets
Imaging Built-in eMMC Storage
Booting Windows tablets from recovery media
Acquiring a BitLocker encryption key
Imaging Windows RT tablets
Cloud Acquisition
Summary
Chapter 9: Acquisition – Approaching BlackBerry
The history of the BlackBerry OS - BlackBerry 1.0-7.1
Acquiring BlackBerry 10
Analyzing BlackBerry backups
Summary
Chapter 10: Dealing with Issues, Obstacles, and Special Cases
Cloud acquisition and two-factor authentication
Unallocated space
Accessing destroyed evidence in different mobile platforms
Windows Phone 8 and 8.1 – possible for end-user devices with limitations
Windows RT, Windows 8/8.1, and Windows 10
eMMC and deleted data
SD cards
SQLite databases (access to call logs, browsing history, and many more)
Summary
Chapter 11: Mobile Forensic Tools and Case Studies
Cellebrite
Micro Systemation AB
AccessData
Oxygen Forensic toolkit
Magnet ACQUIRE
BlackBag Mobilyze
ElcomSoft tools
Case studies
BlackBerry scenarios
Summary

What You Will Learn

  • Understand the challenges of mobile forensics
  • Grasp how to properly deal with digital evidence
  • Explore the types of evidence available on iOS, Android, Windows, and BlackBerry mobile devices
  • Know what forensic outcome to expect under given circumstances
  • Deduce when and how to apply physical, logical, over-the-air, or low-level (advanced) acquisition methods
  • Get in-depth knowledge of the different acquisition methods for all major mobile platforms
  • Discover important mobile acquisition tools and techniques for all of the major platforms
