As sales and usage of iPhones increase, so does the demand on organizations that conduct examinations on this device. iPhone and iOS Forensics takes an in-depth look at methods and processes that analyze the iPhone/iPod in an official legal manner. All of the methods and procedures outlined in the book can be taken into any courtroom. This book details the iPhone with information data sets that are new and evolving, with official hardware knowledge from Apple itself to help aid investigators.
- Learn techniques to forensically acquire the iPhone, iPad and other iOS devices
- Entire chapter focused on Data and Application Security that can assist not only forensic investigators, but also application developers and IT security managers
- In-depth analysis of many of the common applications (both default and downloaded), including where specific data is found within the file system
Reviews
"...a must-have book for those who are professionally engaged in the practice of digital forensics. The book has a wealth of information, and one would not want to be cross-examined as an expert witness without having read this book first." --The Journal of Digital Forensics, Security and Law, Vol. 8, No. 4, 2013
Other information
A guide to the forensic acquisition and analysis of iPhone and iOS devices, and practical advice on how to secure iOS devices, data and apps.
- Acknowledgments
- Preface
- About the Authors
- About the Technical Editor
- Forensic Examination Approaches
- Chapter 2 Device features and functions
- Exiting Recovery/DFU mode
- Chapter 3 File system and data storage
- Chapter 4 iPhone and iPad data security
- Data Security and Testing
- Computer crime laws in the United States
- Data protection in the hands of the administrators
- Security testing procedure
- Corporate or individual mobile app consumers
- Corporate or individual mobile app developers
- Application security strategies for developers
- Recommendations for Device and Application Security
- iPhone Forensics Overview
- Difference between logical and physical techniques
- Modification of the target device
- Imaging Other Apple Devices
- Chapter 6 Data and application analysis
- Timeline development and analysis
- iPhone Data Storage Locations
- iPhone Application Analysis and Reference
- Third-party (downloaded) applications
- Chapter 7 Commercial tool testing
- Oxygen Forensic Suite 2010
- Appendix A
- Appendix B
- Appendix C
- Index
Andrew Hoog is a computer scientist, certified forensic analyst (GCFA and CCE), computer and mobile forensics researcher, former adjunct professor (assembly language) and owner of viaForensics, an innovative computer and mobile forensic firm. He divides his energies between investigations, research and training about the computer and mobile forensic discipline. He writes computer/mobile forensic how-to guides, is interviewed on radio programs and lectures and trains both corporations and law enforcement agencies. As the foremost expert in Android Forensics, he leads expert level training courses, speaks frequently at conferences and is writing a book on Android forensics.

Katie Strzempka is a Technology Consultant with viaForensics, a computer and mobile forensics firm. She performs forensic investigations, security audits and research, and has trained investigators around the world in mobile forensics. Katie is also a co-author of a white paper on iPhone Forensics, an analysis of the various iPhone Forensics commercial tools. Ms. Strzempka received her Master's degree from Purdue University in Cyber Forensics and has a B.S. in Computer and Information Technology. Prior to working for viaForensics, Katie worked for 3 years in Information Security for a Fortune 500 company, handling firewall administration and assisting with internal and external network connectivity.