舉報 
會員
Practical Mobile Forensics
Mobilephoneforensicsisthescienceofretrievingdatafromamobilephoneunderforensicallysoundconditions.ThisupdatedfourtheditionofPracticalMobileForensicsdelvesintotheconceptsofmobileforensicsanditsimportanceintoday'sworld.Thebookfocusesonteachingyouthelatestforensictechniquestoinvestigatemobiledevicesacrossvariousmobileplatforms.YouwilllearnforensictechniquesformultipleOSversions,includingiOS11toiOS13,Android8toAndroid10,andWindows10.Thebookthentakesyouthroughthelatestopensourceandcommercialmobileforensictools,enablingyoutoanalyzeandretrievedataeffectively.Frominspectingthedeviceandretrievingdatafromthecloud,throughtosuccessfullydocumentingreportsofyourinvestigations,you'llexplorenewtechniqueswhilebuildingonyourpracticalknowledge.Towardtheend,youwillunderstandthereverseengineeringofapplicationsandwaystoidentifymalware.Finally,thebookguidesyouthroughparsingpopularthird-partyapplications,includingFacebookandWhatsApp.Bytheendofthisbook,youwillbeproficientinvariousmobileforensictechniquestoanalyzeandextractdatafrommobiledeviceswiththehelpofopensourcesolutions.
目錄(326章)
倒序
- 封面
- Title Page
- Copyright and Credits
- Practical Mobile Forensics Fourth Edition
- About Packt
- Why subscribe?
- Contributors
- About the authors
- About the reviewers
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Disclaimer
- Get in touch
- Reviews
- Introduction to Mobile Forensics
- The need for mobile forensics
- Understanding mobile forensics
- Challenges in mobile forensics
- The mobile phone evidence extraction process
- The evidence intake phase
- The identification phase
- The legal authority
- Data that needs to be extracted
- The make model and identifying information for the device
- Data storage media
- Other sources of potential evidence
- The preparation phase
- The isolation phase
- The processing phase
- The verification phase
- The documenting and reporting phase
- The archiving phase
- Practical mobile forensic approaches
- Understanding mobile operating systems
- Android
- iOS
- Windows Phone
- Mobile forensic tool leveling system
- Manual extraction
- Logical analysis
- Hex dump
- Chip-off
- Micro read
- Data acquisition methods
- Physical acquisition
- Logical acquisition
- Manual acquisition
- Potential evidence stored on mobile phones
- Examination and analysis
- Rules of evidence
- Good forensic practices
- Securing the evidence
- Preserving the evidence
- Documenting the evidence and changes
- Reporting
- Summary
- Section 1: iOS Forensics
- Understanding the Internals of iOS Devices
- iPhone models and hardware
- Identifying the correct hardware model
- Understanding the iPhone hardware
- iPad models and hardware
- Understanding the iPad hardware
- The HFS Plus and APFS filesystems
- The HFS Plus filesystem
- The HFS Plus volume
- The APFS filesystem
- The APFS structure
- Disk layout
- The iPhone OS
- The iOS architecture
- iOS security
- Passcodes Touch ID and Face ID
- Code signing
- Sandboxing
- Encryption
- Data protection
- Address Space Layout Randomization (ASLR)
- Privilege separation
- Stack-smashing protection
- Data Execution Prevention (DEP)
- Data wiping
- Activation Lock
- The App Store
- Jailbreaking
- Summary
- Data Acquisition from iOS Devices
- Operating modes of iOS devices
- Normal mode
- Recovery mode
- DFU mode
- Setting up the forensic environment
- Password protection and potential bypasses
- Logical acquisition
- Practical logical acquisition with libimobiledevice
- Practical logical acquisition with the Belkasoft Acquisition Tool
- Practical logical acquisition with Magnet ACQUIRE
- Filesystem acquisition
- Practical jailbreaking
- Practical filesystem acquisition with free tools
- Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit
- Summary
- Data Acquisition from iOS Backups
- Working with iTunes backups
- Creating and analyzing backups with iTunes
- Understanding the backup structure
- info.plist
- manifest.plist
- status.plist
- manifest.db
- Extracting unencrypted backups
- iBackup Viewer
- iExplorer
- Handling encrypted backup files
- Elcomsoft Phone Breaker
- Working with iCloud backups
- Extracting iCloud backups
- Summary
- iOS Data Analysis and Recovery
- Interpreting iOS timestamps
- Unix timestamps
- Mac absolute time
- WebKit/Chrome time
- Working with SQLite databases
- Connecting to a database
- Exploring SQLite special commands
- Exploring standard SQL queries
- Accessing a database using commercial tools
- Key artifacts – important iOS database files
- Address book contacts
- Address book images
- Call history
- Short Message Service (SMS) messages
- Calendar events
- Notes
- Safari bookmarks and history
- Voicemail
- Recordings
- Device interaction
- Phone numbers
- Property lists
- Important plist files
- Other important files
- Local dictionary
- Photos
- Thumbnails
- Wallpaper
- Downloaded third-party applications
- Recovering deleted SQLite records
- Summary
- iOS Forensic Tools
- Working with Cellebrite UFED Physical Analyzer
- Features of Cellebrite UFED Physical Analyzer
- Advanced logical acquisition and analysis with Cellebrite UFED Physical Analyzer
- Working with Magnet AXIOM
- Features of Magnet AXIOM
- Logical acquisition and analysis with Magnet AXIOM
- Working with Belkasoft Evidence Center
- Features of Belkasoft Evidence Center
- Logical acquisition and analysis with Belkasoft Evidence Center
- Working with Elcomsoft Phone Viewer
- Features of Elcomsoft Phone Viewer
- Filesystem analysis with Elcomsoft Phone Viewer
- Summary
- Section 2: Android Forensics
- Understanding Android
- The evolution of Android
- The Android architecture
- The Linux kernel layer
- The Hardware Abstraction Layer
- Libraries
- Dalvik Virtual Machine (DVM)
- ART
- The Java API framework layer
- The system apps layer
- Android security
- Secure kernel
- The permission model
- Application sandbox
- Secure IPC
- Application signing
- Security-Enhanced Linux (SELinux)
- FDE
- Android Keystore
- TEE
- Verified Boot
- The Android file hierarchy
- The Android filesystem
- Viewing filesystems on an Android device
- Common filesystems found on Android
- Flash memory filesystems
- Media-based filesystems
- Pseudo filesystems
- Summary
- Android Forensic Setup and Pre-Data Extraction Techniques
- Setting up a forensic environment for Android
- Installing the software
- Installing the Android platform tools
- Creating an Android virtual device
- Connecting an Android device to a workstation
- Identifying the device cable
- Installing device drivers
- Accessing the connected device
- The Android debug bridge
- USB debugging
- Accessing the device using adb
- Detecting connected devices
- Killing the local ADB server
- Accessing the adb shell
- Basic Linux commands
- Handling an Android device
- Screen lock bypassing techniques
- Using ADB to bypass the screen lock
- Deleting the gesture.key file
- Updating the settings.db file
- Checking for the modified recovery mode and ADB connection
- Flashing a new recovery partition
- Using automated tools
- Using Android Device Manager
- Bypass using Find My Mobile (for Samsung phones only)
- Smudge attack
- Using the forgot password/forgot pattern option
- Bypassing third-party lock screens by booting into safe mode
- Secure USB debugging bypass using ADB keys
- Secure USB debugging bypass in Android 4.4.2
- Crashing the lock screen UI in Android 5.x
- Other techniques
- Gaining root access
- What is rooting?
- Understanding the rooting process
- Rooting an Android device
- Root access - ADB shell
- Summary
- Android Data Extraction Techniques
- Understanding data extraction techniques
- Manual data extraction
- Logical data extraction
- ADB pull data extraction
- Using SQLite Browser to view the data
- Extracting device information
- Extracting call logs
- Extracting SMS/MMS
- Extracting browser history information
- Analysis of social networking/IM chats
- ADB backup extraction
- ADB dumpsys extraction
- Using content providers
- Physical data extraction
- Imaging an Android phone
- Imaging a memory (SD) card
- Joint Test Action Group
- The chip-off technique
- Summary
- Android Data Analysis and Recovery
- Analyzing and extracting data from Android image files using the Autopsy tool
- The Autopsy platform
- Adding an image to Autopsy
- Analyzing an image using Autopsy
- Understanding techniques to recover deleted files from the SD card and the internal memory
- Recovering deleted data from an external SD card
- Recovering data deleted from the internal memory
- Recovering deleted files by parsing SQLite files
- Recovering files using file-carving techniques
- Recovering contacts using your Google account
- Summary
- Android App Analysis Malware and Reverse Engineering
- Analyzing widely used Android apps to retrieve valuable data
- Facebook Android app analysis
- WhatsApp Android app analysis
- Skype Android app analysis
- Gmail Android app analysis
- Google Chrome Android app analysis
- Techniques to reverse engineer an Android application
- Extracting an APK file from an Android device
- Steps to reverse engineer Android apps
- Android malware
- Types of Android malware
- How does Android malware spread?
- Identifying Android malware
- Summary
- Section 3: Windows Forensics and Third-Party Apps
- Windows Phone Forensics
- Windows Phone OS
- Windows 10 Mobile security model
- Chambers
- Encryption
- Capability-based model
- App sandboxing
- Windows Phone filesystem
- Data acquisition
- Commercial forensic tool acquisition methods
- Extracting data without the use of commercial tools
- SD card data extraction methods
- Key artifacts for examination
- Extracting contacts and SMS
- Extracting call history
- Extracting internet history
- Summary
- Parsing Third-Party Application Files
- Introduction to third-party applications
- Chat applications
- GPS applications
- Secure applications
- Financial applications
- Social networking applications
- Encoding versus encryption
- iOS Android and Windows Phone application data storage
- iOS applications
- Android applications
- Windows Phone applications
- Forensic methods used to extract third-party application data
- Commercial tools
- Oxygen Forensic Detective
- Magnet AXIOM
- UFED Physical Analyzer
- Open source/free tools
- Working with Autopsy
- Other methods of extracting application data
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think 更新時間:2021-06-24 16:39:54
推薦閱讀
- RESTful Java Web Services Security
- Android應用安全實戰:Frida協議分析
- Extending Symfony2 Web Application Framework
- Web漏洞分析與防范實戰:卷1
- 腦洞大開:滲透測試另類實戰攻略
- 大型互聯網企業安全架構
- 網絡安全三十六計:人人該懂的防黑客技巧
- Applied Network Security
- Spring Security(Third Edition)
- 學電腦安全與病毒防范
- Web代碼安全漏洞深度剖析
- 隱私保護機器學習
- 社會工程:防范釣魚欺詐(卷3)
- 網絡入侵檢測系統原理與應用
- 黑客攻防從入門到精通:實戰篇(第2版)
- Blockchain Development with Hyperledger
- AI+網絡安全:智網融合空間體系建設指南
- 計算機病毒揭秘與對抗
- 網絡空間安全原理與實踐
- 云安全實用指南
- 關鍵信息基礎設施安全保護方法與應用
- 信息安全測評實戰指南
- Web滲透測試從新手到高手(微課超值版)
- 網絡關鍵設備安全通用要求解讀
- 數字化系統安全加固技術
- 網絡安全之機器學習
- 機器學習互聯網業務安全實踐
- 黑客攻防從入門到精通(Web腳本編程篇·全新升級版)
- 物聯網安全與隱私保護
- Cuckoo Malware Analysis
