
Practical Mobile Forensics [Paperback]

  • Format: Paperback / softback, 328 pages, height x width: 93x75 mm
  • Publication date: 21-Jul-2014
  • Publisher: Packt Publishing Limited
  • ISBN-10: 1783288310
  • ISBN-13: 9781783288311
The book is an easy-to-follow guide with clear instructions on various mobile forensic techniques. The chapters and the topics within are structured for a smooth learning curve, which will swiftly empower you to master mobile forensics. If you are a budding forensic analyst, consultant, engineer, or a forensic professional wanting to expand your skillset, this is the book for you. The book will also be beneficial to those with an interest in mobile forensics or wanting to find data lost on mobile devices. It will be helpful to be familiar with forensics in general but no prior experience is required to follow this book.
Table of contents (each entry gives the starting page, followed in parentheses by the number of pages):

Preface 1(6)

Chapter 1 Introduction to Mobile Forensics 7(20)
  • Mobile forensics 8(3)
    • Mobile forensic challenges 9(2)
  • Mobile phone evidence extraction process 11(5)
    • The evidence intake phase 12(1)
    • The identification phase 12(2)
      • The legal authority 13(1)
      • The goals of the examination 13(1)
      • The make, model, and identifying information for the device 13(1)
      • Removable and external data storage 13(1)
      • Other sources of potential evidence 13(1)
    • The preparation phase 14(1)
    • The isolation phase 14(1)
    • The processing phase 14(1)
    • The verification phase 14(1)
      • Comparing extracted data to the handset data 15(1)
      • Using multiple tools and comparing the results 15(1)
      • Using hash values 15(1)
    • The document and reporting phase 15(1)
    • The presentation phase 16(1)
    • The archiving phase 16(1)
  • Practical mobile forensic approaches 16(6)
    • Mobile operating systems overview 17(1)
      • Android 17(1)
      • iOS 18(1)
      • Windows phone 18(1)
      • BlackBerry OS 18(1)
    • Mobile forensic tool leveling system 18(3)
      • Manual extraction 19(1)
      • Logical extraction 20(1)
      • Hex dump 20(1)
      • Chip-off 20(1)
      • Micro read 21(1)
    • Data acquisition methods 21(2)
      • Physical acquisition 21(1)
      • Logical acquisition 21(1)
      • Manual acquisition 22(1)
  • Potential evidence stored on mobile phones 22(1)
  • Rules of evidence 23(1)
    • Admissible 23(1)
    • Authentic 23(1)
    • Complete 24(1)
    • Reliable 24(1)
    • Believable 24(1)
  • Good forensic practices 24(1)
    • Securing the evidence 24(1)
    • Preserving the evidence 25(1)
    • Documenting the evidence 25(1)
    • Documenting all changes 25(1)
  • Summary 25(2)

Chapter 2 Understanding the Internals of iOS Devices 27(26)
  • iPhone models 28(7)
    • iPhone hardware 35(1)
  • iPad models 36(3)
    • iPad hardware 39(1)
  • File system 40(1)
    • The HFS Plus file system 40(2)
      • The HFS Plus volume 41(1)
    • Disk layout 42(1)
  • iPhone operating system 43(9)
    • iOS history 44(3)
      • 1.x — the first iPhone 44(1)
      • 2.x — App Store and 3G 44(1)
      • 3.x — the first iPad 45(1)
      • 4.x — Game Center and multitasking 45(1)
      • 5.x — Siri and iCloud 45(1)
      • 6.x — Apple Maps 45(1)
      • 7.x — the iPhone 5S and beyond 46(1)
    • The iOS architecture 47(1)
      • The Cocoa Touch layer 47(1)
      • The Media layer 47(1)
      • The Core Services layer 47(1)
      • The Core OS layer 48(1)
    • iOS security 48(3)
      • Passcode 49(1)
      • Code signing 49(1)
      • Sandboxing 49(1)
      • Encryption 49(1)
      • Data protection 49(1)
      • Address Space Layout Randomization 50(1)
      • Privilege separation 50(1)
      • Stack smashing protection 50(1)
      • Data execution prevention 50(1)
      • Data wipe 50(1)
      • Activation Lock 50(1)
    • App Store 51(1)
    • Jailbreaking 51(1)
  • Summary 52(1)

Chapter 3 Data Acquisition from iOS Devices 53(32)
  • Operating modes of iOS devices 53(6)
    • Normal mode 54(1)
    • Recovery mode 55(2)
    • DFU mode 57(2)
  • Physical acquisition 59(1)
    • Acquisition via a custom ramdisk 59(22)
      • The forensic environment setup 61(6)
        • Downloading and installing the ldid tool 61(1)
        • Verifying the codesign_allocate tool path 62(1)
        • Installing OSXFuse 62(1)
        • Installing Python modules 63(2)
        • Downloading iPhone Data Protection Tools 65(1)
        • Building the IMG3FS tool 66(1)
        • Downloading redsn0w 66(1)
      • Creating and loading the forensic toolkit 67(4)
        • Downloading the iOS firmware file 67(1)
        • Modifying the kernel 68(1)
        • Building a custom ramdisk 68(2)
        • Booting the custom ramdisk 70(1)
      • Establishing communication with the device 71(1)
      • Bypassing the passcode 71(3)
      • Imaging the data partition 74(2)
      • Decrypting the data partition 76(2)
      • Recovering the deleted data 78(3)
    • Acquisition via jailbreaking 81(3)
  • Summary 84(1)

Chapter 4 Data Acquisition from iOS Backups 85(28)
  • iTunes backup 86(21)
    • Pairing records 89(1)
    • Understanding the backup structure 90(6)
      • info.plist 92(1)
      • manifest.plist 92(1)
      • status.plist 93(1)
      • manifest.mbdb 93(3)
    • Unencrypted backup 96(6)
      • Extracting unencrypted backups 97(4)
      • Decrypting the keychain 101(1)
    • Encrypted backup 102(5)
      • Extracting encrypted backups 103(2)
      • Decrypting the keychain 105(2)
  • iCloud backup 107(4)
    • Extracting iCloud backups 109(2)
  • Summary 111(2)

Chapter 5 iOS Data Analysis and Recovery 113(26)
  • Timestamps 113(1)
    • Unix timestamps 113(1)
    • Mac absolute time 114(1)
  • SQLite databases 114(14)
    • Connecting to a database 115(1)
    • SQLite special commands 115(2)
    • Standard SQL queries 117(1)
    • Important database files 117(11)
      • Address book contacts 117(2)
      • Address book images 119(1)
      • Call history 120(1)
      • SMS messages 121(1)
      • SMS Spotlight cache 122(1)
      • Calendar events 123(1)
      • E-mail database 124(1)
      • Notes 124(1)
      • Safari bookmarks 125(1)
      • The Safari web caches 125(1)
      • The web application cache 126(1)
      • The WebKit storage 126(1)
      • The photos metadata 126(1)
      • Consolidated GPS cache 127(1)
      • Voicemail 128(1)
  • Property lists 128(4)
    • Important plist files 130(2)
      • The HomeDomain plist files 130(1)
      • The RootDomain plist files 131(1)
      • The WirelessDomain plist files 132(1)
      • The SystemPreferencesDomain plist files 132(1)
  • Other important files 132(4)
    • Cookies 133(1)
    • Keyboard cache 133(1)
    • Photos 134(1)
    • Wallpaper 135(1)
    • Snapshots 135(1)
    • Recordings 135(1)
    • Downloaded applications 135(1)
  • Recovering deleted SQLite records 136(1)
  • Summary 137(2)

Chapter 6 iOS Forensic Tools 139(20)
  • Elcomsoft iOS Forensic Toolkit 139(6)
    • Features of EIFT 139(1)
    • Usage of EIFT 140(4)
      • Guided mode 140(3)
      • Manual mode 143(1)
    • EIFT-supported devices 144(1)
    • Compatibility notes 144(1)
  • Oxygen Forensic Suite 2014 145(6)
    • Features of Oxygen Forensic Suite 146(1)
    • Usage of Oxygen Forensic Suite 146(5)
    • Oxygen Forensic Suite 2014 supported devices 151(1)
  • Cellebrite UFED Physical Analyzer 151(3)
    • Features of Cellebrite UFED Physical Analyzer 151(1)
    • Usage of Cellebrite UFED Physical Analyzer 152(2)
    • Supported devices 154(1)
  • Paraben iRecovery Stick 154(2)
    • Features of Paraben iRecovery Stick 154(1)
    • Usage of Paraben iRecovery Stick 155(1)
    • Devices supported by Paraben iRecovery Stick 156(1)
  • Open source or free methods 156(1)
  • Summary 157(2)

Chapter 7 Understanding Android 159(18)
  • The Android model 160(4)
    • The Linux kernel layer 162(1)
    • Libraries 162(1)
    • Dalvik virtual machine 163(1)
    • The application framework layer 164(1)
    • The applications layer 164(1)
  • Android security 164(3)
    • Secure kernel 165(1)
    • The permission model 165(1)
    • Application sandbox 166(1)
    • Secure interprocess communication 167(1)
    • Application signing 167(1)
  • Android file hierarchy 167(3)
  • Android file system 170(6)
    • Viewing file systems on an Android device 170(4)
    • Extended File System — EXT 174(2)
  • Summary 176(1)

Chapter 8 Android Forensic Setup and Pre Data Extraction Techniques 177(24)
  • A forensic environment setup 177(14)
    • Android Software Development Kit 178(1)
    • Android SDK installation 178(3)
    • Android Virtual Device 181(3)
    • Connecting an Android device to a workstation 184(1)
      • Identifying the device cable 184(1)
      • Installing the device drivers 185(1)
      • Accessing the connected device 185(1)
    • Android Debug Bridge 186(1)
    • Accessing the device using adb 187(2)
      • Detecting connected devices 188(1)
      • Killing the local adb server 188(1)
      • Accessing the adb shell 188(1)
    • Handling an Android device 189(2)
  • Screen lock bypassing techniques 191(5)
    • Using adb to bypass the screen lock 191(1)
      • Deleting the gesture.key file 192(1)
      • Updating the settings.db file 192(1)
    • Checking for the modified recovery mode and adb connection 193(1)
    • Flashing a new recovery partition 193(1)
    • Smudge attack 194(1)
    • Using the primary Gmail account 194(1)
    • Other techniques 195(1)
  • Gaining root access 196(4)
    • What is rooting? 196(1)
    • Rooting an Android device 197(2)
    • Root access — adb shell 199(1)
  • Summary 200(1)

Chapter 9 Android Data Extraction Techniques 201(22)
  • Imaging an Android Phone 201(2)
  • Data extraction techniques 203(19)
    • Manual data extraction 203(1)
    • Using root access to acquire an Android device 204(2)
    • Logical data extraction 206(11)
      • Using the adb pull command 207(1)
      • Extracting the /data directory on a rooted device 208(1)
      • Using SQLite Browser 209(1)
      • Extracting device information 210(1)
      • Extracting call logs 211(1)
      • Extracting SMS/MMS 212(1)
      • Extracting browser history 213(1)
      • Analysis of social networking/IM chats 214(1)
      • Using content providers 214(3)
    • Physical data extraction 217(4)
      • JTAG 218(1)
      • Chip-off 219(2)
    • Imaging a memory (SD) card 221(1)
  • Summary 222(1)

Chapter 10 Android Data Recovery Techniques 223(14)
  • Data recovery 223(12)
    • Recovering the deleted files 224(14)
      • Recovering deleted data from an SD card 225(3)
      • Recovering data deleted from internal memory 228(1)
      • Recovering deleted files by parsing SQLite files 229(2)
      • Recovering files using file-carving techniques 231(4)
  • Summary 235(2)

Chapter 11 Android App Analysis and Overview of Forensic Tools 237(18)
  • Android app analysis 237(1)
  • Reverse engineering Android apps 238(4)
    • Extracting an APK file from an Android device 239(1)
    • Steps to reverse engineer Android apps 240(2)
  • Forensic tools overview 242(4)
    • The AFLogical tool 243(1)
      • AFLogical Open Source Edition 243(1)
      • AFLogical Law Enforcement (LE) 244(2)
  • Cellebrite — UFED 246(2)
    • Physical extraction 246(2)
  • MOBILedit 248(2)
  • Autopsy 250(3)
    • Analyzing an Android in Autopsy 251(2)
  • Summary 253(2)

Chapter 12 Windows Phone Forensics 255(16)
  • Windows Phone OS 255(4)
    • Security model 257(1)
      • Windows chambers 257(1)
      • Capability-based model 257(2)
    • Windows Phone file system 259(1)
  • Data acquisition 260(10)
    • Sideloading using ChevronWP7 260(2)
    • Extracting the data 262(9)
      • Extracting SMS 264(1)
      • Extracting e-mail 265(3)
      • Extracting application data 268(2)
  • Summary 270(1)

Chapter 13 BlackBerry Forensics 271(24)
  • BlackBerry OS 271(4)
    • Security features 273(2)
  • Data acquisition 275(6)
    • Standard acquisition methods 275(3)
    • Creating a BlackBerry backup 278(3)
  • BlackBerry analysis 281(12)
    • BlackBerry backup analysis 281(2)
    • BlackBerry forensic image analysis 283(2)
    • Encrypted BlackBerry backup files 285(3)
    • Forensic tools for BlackBerry analysis 288(5)
  • Summary 293(2)

Index 295
About the authors

Satish Bommisetty is a security analyst working for a Fortune 500 company. His primary areas of interest include iOS forensics, iOS application security, and web application security. He has presented at international conferences, such as ClubHACK and C0C0n. He is also one of the core members of the Hyderabad OWASP chapter. He has identified and disclosed vulnerabilities within the websites of Google, Facebook, Yandex, PayPal, Yahoo!, AT&T, and more, and is listed in their hall of fame.

Rohit Tamma is a security analyst working for a Fortune 500 company. His interests lie in mobile forensics, Android application security, and web application security. He is experienced in performing vulnerability assessments and penetration testing of a range of applications, including web and mobile applications. He lives in Hyderabad, India, where he spends time with his parents and friends.

Heather Mahalik is the Mobile Exploitation Team Lead at Basis Technology and the Course Lead for the SANS Smartphone Forensics course. With over 11 years' experience in digital forensics, she currently focuses her energy on mobile device investigations, forensic course development and instruction, and research on smartphone forensics. Prior to joining Basis Technology, Heather worked at Stroz Friedberg and as a contractor for the U.S. Department of State Computer Investigations and Forensics Lab. She earned her Bachelor's degree from West Virginia University. She has authored white papers and forensic course material, and has taught hundreds of courses worldwide for law enforcement, government, IT, eDiscovery, and other forensic professionals focusing on mobile devices and digital forensics.