What this book covers
Chapter 1, Introduction to Mobile Forensics, introduces you to the concepts of mobile forensics, its core values, and the challenges involved. This chapter also provides an overview of the practical approaches and best practices involved in performing mobile forensics.
Chapter 2, Understanding the Internals of iOS Devices, provides an insight into iOS forensics. You will learn about the filesystem layout, security features, and the way files are stored on an iOS device.
Chapter 3, Data Acquisition from iOS Devices, discusses tools that will help you obtain data from iOS devices to later examine forensically. Not all tools are created equal, so it's important to understand the best tools to get the job done properly.
Chapter 4, Data Acquisition from iOS Backups, discusses iOS device backup files in detail, including user, forensic, encrypted, and iCloud backup files, and the methods to conduct your forensic examination.
Chapter 5, iOS Data Analysis and Recovery, goes further into forensic investigation by showing the examiner how to analyze the data recovered from the backup files. Areas containing data of potential evidentiary value will be explained in detail.
Chapter 6, iOS Forensic Tools, for familiarity purposes, walks you through the use of a number of commercial tools, such as Elcomsoft iOS Forensic Toolkit, Cellebrite (UFED4PC, Touch, and Physical Analyzer), BlackLight, Oxygen Forensic Detective, AccessData MPE+, EnCase, Belkasoft Evidence Center, MSAB XRY, and many more, which are available for forensic acquisition and the analysis of iOS devices. This chapter provides details of the processes required to perform acquisitions and analysis of iOS devices.
Chapter 7, Understanding Android, introduces the fundamentals of the Android platform, its built-in security features, and its filesystem. This chapter establishes the basic forensic knowledge that will be helpful in the next chapters.
Chapter 8, Android Forensic Setup and Pre-Data Extraction Techniques, tells you what to consider when setting up a digital forensic examination environment. Step-by-step information about rooting an Android device and bypassing the screen lock feature is provided in this chapter.
Chapter 9, Android Data Extraction Techniques, helps you to identify the sensitive locations on an Android device and explains various logical and physical techniques that can be applied to the device in order to extract the necessary information.
Chapter 10, Android Data Analysis and Recovery, explains how to extract relevant data, such as call logs, text messages, and browsing history from an image file. We will also cover data recovery techniques, with which we can recover data that's been deleted from a device.
Chapter 11, Android App Analysis, Malware, and Reverse Engineering, explains that while the data extraction and data recovery techniques discussed in earlier chapters provide access to valuable data, app analysis in this chapter helps us to acquire information about the specifics of an application, such as preferences and permissions.
Chapter 12, Windows Phone Forensics, discusses Windows Phones, which do not occupy much of the mobile market space. Therefore, most forensic practitioners are unfamiliar with the data formats, embedded databases, and other artifacts that exist on the device. This chapter provides an overview of Windows Phone forensics, describing various methods of acquiring and examining data on Windows mobile devices.
Chapter 13, Parsing Third-Party Application Files, introduces you to the various applications seen on Android devices, iOS devices, and Windows Phones. Each application will vary due to versions and devices, but their underlying structures are similar. We will look at how the data is stored and why preference files are important to your investigation.