
Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation [Paperback]

  • Format: Paperback / softback, 480 pages, height x width x thickness: 231x188x23 mm, weight: 822 g, 75 Illustrations
  • Publication date: 16-Dec-2015
  • Publisher: McGraw-Hill Professional
  • ISBN-10: 0071843639
  • ISBN-13: 9780071843638

This in-depth guide reveals the art of mobile forensics investigation with comprehensive coverage of the entire mobile forensics investigation lifecycle, from evidence collection through advanced data analysis to reporting and presenting findings.

Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation leads examiners through the mobile forensics investigation process, from isolation and seizure of devices, to evidence extraction and analysis, and finally through the process of documenting and presenting findings. This book is not just for those starting out in mobile forensics; it also contains information for the seasoned examiner. It not only gives you knowledge of available mobile forensics tools, but also describes and documents how these tools work to collect and analyze mobile device data. This information will allow you to better collect, analyze, and present your findings and processes in a court of law or discovery forum. This holistic approach to mobile forensics, featuring the technical alongside the legal aspects of the investigation process, sets this book apart from the competition. This timely guide is a much-needed resource in today’s mobile computing landscape.

  • Provides you with a holistic understanding of mobile forensics from the basics to advanced analysis
  • Notes offer personal insights from the author's years in law enforcement
  • Tips highlight useful mobile forensics software applications, including open source applications that anyone can use free of charge
  • Case studies document actual mobile forensic cases
  • Photographs demonstrate proper legal protocols, including seizure and storage of devices, and screenshots showcase mobile forensics software at work
  • Advanced techniques feature SQLite parsers and Python scripts

Introduction

Chapter 1: Introduction to the World of Mobile Device Forensics
  • A Brief History of the Mobile Device
  • Martin Cooper
  • Size Evolution
  • Data Evolution
  • Storage Evolution
  • Mobile Device Data: The Relevance Today
  • Mobile Devices in the Media
  • The Overuse of the Word "Forensic"
  • Write Blockers and Mobile Devices
  • Mobile Device Technology and Mobile Forensics
  • From Data Transfer to Data Forensics
  • Processes and Procedures
  • Examination Awareness and Progression
  • Data Storage Points
  • Mobile Technology Acronyms
  • Mobile Device
  • SIM
  • Media Storage Cards
  • Mobile Device Backups
  • Educational Resources
  • Phone Scoop
  • GSMArena
  • Forums
  • Preparing for Your Journey
  • Chapter Summary

Chapter 2: Mobile Devices vs. Computer Devices in the World of Forensics
  • Computer Forensics Defined
  • International Association of Computer Investigative Specialists (IACIS)
  • International Society of Forensic Computer Examiners (ISFCE)
  • Applying Forensic Processes and Procedures
  • Seizure
  • Collection
  • Analysis/Examination
  • Presentation
  • Approach to Mobile Device Forensics
  • NIST and Mobile Forensics
  • Process and Procedure
  • Standard Operating Procedure Document
  • Purpose and Scope
  • Definitions
  • Equipment/Materials
  • General Information
  • Procedure
  • References/Documents
  • Successful SOP Creation and Execution
  • Creation of a Workflow
  • Specialty Mobile Forensic Units
  • Forensic Software
  • Common Misconceptions
  • Seasoned Computer Forensics Examiners' Misconceptions
  • First Responders' Misconceptions
  • Chapter Summary

Chapter 3: Collecting Mobile Devices, USB Drives, and Storage Media at the Scene
  • Lawful Device Seizure
  • Before the Data Seizure
  • Fourth Amendment Rights
  • The Supreme Court and Mobile Device Data Seizure
  • Warrantless Searches
  • Location to Be Searched: Physical Location
  • Location to Be Searched: Mobile Device
  • Securing the Scene
  • Data Volatility at the Scene
  • Asking the Right Questions
  • Examining the Scene for Evidence
  • USB Drives
  • Chargers and USB Cables
  • SD Cards
  • SIM Cards
  • Older Mobile Devices
  • Personal Computers
  • Once You Find It, What's Next?
  • Inventory and Location
  • Data Collection: Where and When
  • Chapter Summary

Chapter 4: Preparing, Protecting, and Seizing Digital Device Evidence
  • Before Seizure: Understanding Mobile Device Communication
  • Cellular Communication
  • Bluetooth Communication
  • Wi-Fi Communication
  • Near Field Communication
  • Understanding Mobile Device Security
  • Apple iOS Devices
  • Android Devices
  • Windows Mobile and Windows Phone
  • BlackBerry Devices
  • Photographing the Evidence at the Scene
  • Tagging and Marking Evidence
  • Documenting the Evidence at the Scene
  • Mobile Device
  • Mobile Device Accessories
  • SIM Card
  • Memory Cards
  • Dealing with Power Issues: The Device State
  • Bagging Sensitive Evidence
  • Types of Bagging Equipment
  • Properly Bagging Mobile Device Evidence
  • Transporting Mobile Device Evidence
  • To Storage
  • To the Lab
  • Establishing Chain of Custody
  • Chapter Summary

Chapter 5: Toolbox Forensics: Multiple-Tool Approach
  • Choosing the Right Tools
  • Analyzing Several Devices Collectively
  • Verifying and Validating Software
  • Using Multiple Tools to Your Advantage
  • Dealing with Challenges
  • Overcoming Challenges by Verification and Validation
  • Overcoming Challenges for Single- and Multiple-Tool Examinations
  • Chapter Summary

Chapter 6: Mobile Forensic Tool Overview
  • Collection Types
  • Logical Collection
  • Physical Collection
  • Collection Pyramid
  • Collection Additions
  • Nontraditional Tools
  • Traditional Tool Matrix
  • Tools Available
  • Open Source Tools
  • Freeware Tools
  • Commercial Tools
  • Chapter Summary

Chapter 7: Preparing the Environment for Your First Collection
  • Creating the Ideal System
  • Processor (CPU)
  • RAM
  • Input/Output (I/O)
  • Storage
  • External Storage
  • Operating System
  • Device Drivers and Multiple-Tool Environments
  • Understanding Drivers
  • Finding Mobile Device Drivers
  • Installing Drivers
  • Cleaning the Computer System of Unused Drivers and Ports
  • Chapter Summary

Chapter 8: Conducting a Collection of a Mobile Device: Considerations and Actions
  • Initial Considerations
  • Isolating the Device
  • Device Collection Type: Logical or Physical
  • Initial Documentation
  • Device
  • Battery
  • UICC
  • Memory Card
  • JTAG or Chip-Off
  • Isolation of the Mobile Device
  • Methods, Appliances, and Techniques for Isolating a Device
  • Mobile Device Processing Workflow
  • Feature Phone Collections
  • BlackBerry Collections
  • Windows Mobile and Windows Phone Examinations
  • Apple iOS Connections and Collections
  • Android OS Connections and Collections
  • Chapter Summary

Chapter 9: Analyzing SIM Cards
  • Smart Card Overview: SIM and UICC
  • SIM Card Analysis
  • File System UICC Structure
  • Network Information Data Locations
  • User Data Locations
  • Chapter Summary

Chapter 10: Analyzing Feature Phone, BlackBerry, and Windows Phone Data
  • Avoiding Tool Hashing Inconsistencies
  • Iceberg Theory
  • Feature Phones
  • Feature Phone "Tip of the Iceberg Data"
  • Parsing a Feature Phone File System
  • BlackBerry Devices
  • BlackBerry "Tip of the Iceberg Data"
  • BlackBerry Database Breakdown
  • BlackBerry Data Formats and Data Types
  • BlackBerry 10 File System
  • Windows Phone
  • Windows Phone "Tip of the Iceberg Data"
  • Windows Phone File System
  • Chapter Summary

Chapter 11: Advanced iOS Analysis
  • The iOS File System
  • iOS "Tip of the Iceberg Data"
  • File System Structure
  • App Data
  • App Caches
  • Additional File System Locations
  • iOS Evidentiary File Types
  • SQLite Databases
  • Property Lists
  • Miscellaneous iOS Files
  • Chapter Summary

Chapter 12: Querying SQLite and Taming the Forensic Snake
  • Querying of the SQLite Database
  • What Is a SQL Query?
  • Building a Simple SQL Query
  • Automating Query Building
  • Analysis with Python
  • Python Terminology
  • Using Python Scripts
  • Hashing a Directory of Files
  • Using Regular Expressions
  • Chapter Summary

Chapter 13: Advanced Android Analysis
  • Android Device Information
  • Partitions
  • The File System
  • Predominate Android File Types
  • Artifacts
  • "Tip of the Iceberg Data"
  • Additional File System Locations
  • /data Folder
  • File Interrogation
  • Scripts
  • Android App Files and Malware
  • Analysis Levels
  • Chapter Summary

Chapter 14: Presenting the Data as a Mobile Forensics Expert
  • Presenting the Data
  • The Importance of Taking Notes
  • The Audience
  • Format of the Examiner's Presentation
  • Why Being Technical Is Not Always Best
  • What Data to Include in the Report
  • To Include or Not to Include
  • Becoming a Mobile Forensic Device Expert
  • Importance of a Complete Collection
  • Conforming to Current Expectations May Not Be the Best Approach
  • Additional Suggestions and Advice
  • Chapter Summary

Index

Lee Reiber is a recognized expert and pioneer in the mobile forensics field. Lee often speaks globally on the recovery of mobile data, incident response to mobile threats, and advanced analysis techniques. Lee hosts a mobile forensics-centric podcast and blog, http://blog.cellphonedetectives.com, and is a frequent contributor to and author for several tech magazines.