Practical mobile forensics : dive into mobile forensics on iOS, Android, Windows, and BlackBerry devices with this action-packed, practical guide \Satish Bommisetty, Rohit Tamma, Heather Mahalik.

Includes index.

Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introduction to Mobile Forensics; Mobile forensics; Mobile forensic challenges; Mobile phone evidence extraction process; The evidence intake phase; The identification phase; The legal authority; The goals of the examination; The make, model, and identifying information for the device; Removable and external data storage; Other sources of potential evidence; The preparation phase; The isolation phase; The processing phase; The verification phase. Comparing extracted data to the handset dataUsing multiple tools and comparing the results; Using hash values; The document and reporting phase; The presentation phase; The archiving phase; Practical mobile forensic approaches; Mobile operating systems overview; Android; iOS; Windows phone; BlackBerry OS; Mobile forensic tool leveling system; Manual extraction; Logical extraction; Hex dump; Chip-off; Micro read; Data acquisition methods; Physical acquisition; Logical acquisition; Manual acquisition; Potential evidence stored on mobile phones; Rules of evidence; Admissible; Authentic; Complete. ReliableBelievable; Good forensic practices; Securing the evidence; Preserving the evidence; Documenting the evidence; Documenting all changes; Summary; Chapter 2: Understanding the Internals of iOS Devices; iPhone models; iPhone hardware; iPad models; iPad hardware; File system; The HFS Plus file system; The HFS Plus volume; Disk layout; iPhone operating system; iOS history; 1.x -- the first iPhone; 2.x -- App Store and 3G; 3.x -- the first iPad; 4.x -- Game Center and multitasking; 5.x -- Siri and iCloud; 6.x -- Apple Maps; 7.x -- the iPhone 5S and beyond; The iOS architecture. The Cocoa Touch layerThe Media layer; The Core Services layer; The Core OS layer; iOS security; Passcode; Code signing; Sandboxing; Encryption; Data protection; Address Space Layout Randomization; Privilege separation; Stack smashing protection; Data execution prevention; Data wipe; Activation Lock; App Store; Jailbreaking; Summary; Chapter 3: Data Acquisition from iOS Devices; Operating modes of iOS devices; Normal mode; Recovery mode; DFU mode; Physical acquisition; Acquisition via a custom ramdisk; The forensic environment setup; Downloading and installing the ldid tool. Verifying the codesign_allocate tool pathInstalling OSXFuse; Installing Python modules; Downloading iPhone Data Protection Tools; Building the IMG3FS tool; Downloading redsn0w; Creating and loading the forensic toolkit; Downloading the iOS firmware file; Modifying the kernel; Building a custom ramdisk; Booting the custom ramdisk; Establishing communication with the device; Bypassing the passcode; Imaging the data partition; Decrypting the data partition; Recovering the deleted data; Acquisition via jailbreaking; Summary; Chapter 4: Data Acquisition from iOS Backups; iTunes backup.

The book is an easy-to-follow guide with clear instructions on various mobile forensic techniques. The chapters and the topics within are structured for a smooth learning curve, which will swiftly empower you to master mobile forensics. If you are a budding forensic analyst, consultant, engineer, or a forensic professional wanting to expand your skillset, this is the book for you. The book will also be beneficial to those with an interest in mobile forensics or wanting to find data lost on mobile devices. It will be helpful to be familiar with forensics in general but no prior experience is re.

1 3