舉報 
會員
Practical Mobile Forensics(Third Edition)
Ifyouareaforensicsprofessionalandareeagertowidenyourforensicsskillsettomobileforensicsthen,thisbookisforyou.Someunderstandingofdigitalforensicspracticeswoulddowonders.
目錄(327章)
倒序
- coverpage
- Title Page
- Packt Upsell
- Why subscribe?
- PacktPub.com
- Contributors
- About the authors
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Introduction to Mobile Forensics
- Why do we need mobile forensics?
- Mobile forensics
- Challenges in mobile forensics
- The mobile phone evidence extraction process
- The evidence intake phase
- The identification phase
- The legal authority
- The goals of the examination
- The make model and identifying information for the device
- Removable and external data storage
- Other sources of potential evidence
- The preparation phase
- The isolation phase
- The processing phase
- The verification phase
- Comparing extracted data to the handset data
- Using multiple tools and comparing the results
- Using hash values
- The documenting and reporting phase
- The presentation phase
- The archiving phase
- Practical mobile forensic approaches
- Overview of mobile operating systems
- Android
- iOS
- Windows Phone
- Mobile forensic tool leveling system
- Manual extraction
- Logical extraction
- Hex dump
- Chip-off
- Micro read
- Data acquisition methods
- Physical acquisition
- Logical acquisition
- Manual acquisition
- Potential evidence stored on mobile phones
- Examination and analysis
- Rules of evidence
- Good forensic practices
- Securing the evidence
- Preserving the evidence
- Documenting the evidence and changes
- Reporting
- Summary
- Understanding the Internals of iOS Devices
- iPhone models
- Identifying the correct hardware model
- iPhone hardware
- iPad models
- Understanding the iPad hardware
- Apple Watch models
- Understanding the Apple Watch hardware
- The filesystem
- The HFS Plus filesystem
- The HFS Plus volume
- The APFS filesystem
- The APFS structure
- Disk layout
- iPhone operating system
- The iOS architecture
- iOS security
- Passcodes Touch ID and Face ID
- Code Signing
- Sandboxing
- Encryption
- Data protection
- Address Space Layout Randomization
- Privilege separation
- Stack-smashing protection
- Data execution prevention
- Data wipe
- Activation Lock
- The App Store
- Jailbreaking
- Summary
- Data Acquisition from iOS Devices
- Operating modes of iOS devices
- The normal mode
- The recovery mode
- DFU mode
- Setting up the forensic environment
- Password protection and potential bypasses
- Logical acquisition
- Practical logical acquisition with libimobiledevice
- Practical logical acquisition with Belkasoft Acquisition Tool
- Practical logical acquisition with Magnet ACQUIRE
- Filesystem acquisition
- Practical jailbreaking
- Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit
- Physical acquisition
- Practical physical acquisition with Elcomsoft iOS Forensic Toolkit
- Summary
- Data Acquisition from iOS Backups
- iTunes backup
- Creating backups with iTunes
- Understanding the backup structure
- info.plist
- manifest.plist
- status.plist
- manifest.db
- Extracting unencrypted backups
- iBackup Viewer
- iExplorer
- BlackLight
- Encrypted backup
- Elcomsoft Phone Breaker
- Working with iCloud backups
- Extracting iCloud backups
- Summary
- iOS Data Analysis and Recovery
- Timestamps
- Unix timestamps
- Mac absolute time
- WebKit/Chrome time
- SQLite databases
- Connecting to a database
- SQLite special commands
- Standard SQL queries
- Accessing a database using commercial tools
- Key artifacts – important iOS database files
- Address book contacts
- Address book images
- Call history
- SMS messages
- Calendar events
- Notes
- Safari bookmarks and cache
- Photo metadata
- Consolidated GPS cache
- Voicemail
- Property lists
- Important plist files
- The HomeDomain plist files
- The RootDomain plist files
- The WirelessDomain plist files
- The SystemPreferencesDomain plist files
- Other important files
- Cookies
- Keyboard cache
- Photos
- Thumbnails
- Wallpaper
- Recordings
- Downloaded applications
- Apple Watch
- Recovering deleted SQLite records
- Summary
- iOS Forensic Tools
- Working with Cellebrite UFED Physical Analyzer
- Features of Cellebrite UFED Physical Analyzer
- Advanced logical acquisition and analysis with Cellebrite UFED Physical Analyzer
- Working with Magnet AXIOM
- Features of Magnet AXIOM
- Logical acquisition and analysis with Magnet AXIOM
- Working with Belkasoft Evidence Center
- Features of Belkasoft Evidence Center
- iTunes backup parsing and analysis with Belkasoft Evidence Center
- Working with Oxygen Forensic Detective
- Features of Oxygen Forensic Detective
- Logical acquisition and analysis with Oxygen Forensic Detective
- Summary
- Understanding Android
- The evolution of Android
- The Android model
- The Linux kernel layer
- The Hardware Abstraction Layer
- Libraries
- Dalvik virtual machine
- Android Runtime (ART)
- The Java API framework layer
- The system apps layer
- Android security
- Secure kernel
- The permission model
- Application sandbox
- Secure inter-process communication
- Application signing
- Security-Enhanced Linux
- Full Disk Encryption
- Trusted Execution Environment
- The Android file hierarchy
- The Android file system
- Viewing file systems on an Android device
- Common file systems found on Android
- Summary
- Android Forensic Setup and Pre-Data Extraction Techniques
- Setting up the forensic environment for Android
- The Android Software Development Kit
- The Android SDK installation
- An Android Virtual Device
- Connecting an Android device to a workstation
- Identifying the device cable
- Installing the device drivers
- Accessing the connected device
- The Android Debug Bridge
- USB debugging
- Accessing the device using adb
- Detecting connected devices
- Killing the local adb server
- Accessing the adb shell
- Basic Linux commands
- Handling an Android device
- Screen lock bypassing techniques
- Using adb to bypass the screen lock
- Deleting the gesture.key file
- Updating the settings.db file
- Checking for the modified recovery mode and adb connection
- Flashing a new recovery partition
- Using automated tools
- Using Android Device Manager
- Smudge attack
- Using the Forgot Password/Forgot Pattern option
- Bypassing third-party lock screens by booting into safe mode
- Securing the USB debugging bypass using adb keys
- Securing the USB debugging bypass in Android 4.4.2
- Crashing the lock screen UI in Android 5.x
- Other techniques
- Gaining root access
- What is rooting?
- Rooting an Android device
- Root access - adb shell
- Summary
- Android Data Extraction Techniques
- Data extraction techniques
- Manual data extraction
- Logical data extraction
- ADB pull data extraction
- Using SQLite Browser to view the data
- Extracting device information
- Extracting call logs
- Extracting SMS/MMS
- Extracting browser history
- Analysis of social networking/IM chats
- ADB backup extraction
- ADB dumpsys extraction
- Using content providers
- Physical data extraction
- Imaging an Android phone
- Imaging a memory (SD) card
- Joint Test Action Group
- Chip-off
- Summary
- Android Data Analysis and Recovery
- Analyzing an Android image
- Autopsy
- Adding an image to Autopsy
- Analyzing an image using Autopsy
- Android data recovery
- Recovering deleted data from an external SD card
- Recovering data deleted from internal memory
- Recovering deleted files by parsing SQLite files
- Recovering files using file-carving techniques
- Recovering contacts using your Google account
- Summary
- Android App Analysis Malware and Reverse Engineering
- Analyzing Android apps
- Facebook Android app analysis
- WhatsApp Android app analysis
- Skype Android app analysis
- Gmail Android app analysis
- Google Chrome Android app analysis
- Reverse engineering Android apps
- Extracting an APK file from an Android device
- Steps to reverse engineer Android apps
- Android malware
- How does malware spread?
- Identifying Android malware
- Summary
- Windows Phone Forensics
- Windows Phone OS
- Security model
- Chambers
- Encryption
- Capability-based model
- App sandboxing
- Windows Phone filesystem
- Data acquisition
- Commercial forensic tool acquisition methods
- Extracting data without the use of commercial tools
- SD card data extraction methods
- Key artifacts for examination
- Extracting contacts and SMS
- Extracting call history
- Extracting internet history
- Summary
- Parsing Third-Party Application Files
- Third-party application overview
- Chat applications
- GPS applications
- Secure applications
- Financial applications
- Social networking applications
- Encoding versus encryption
- Application data storage
- iOS applications
- Android applications
- Windows Phone applications
- Forensic methods used to extract third-party application data
- Commercial tools
- Oxygen Detective
- Magnet IEF
- UFED Physical Analyzer
- Open source tools
- Autopsy
- Other methods of extracting application data
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think 更新時間:2021-06-30 19:33:58
推薦閱讀
- 書事:近現代版本雜談
- 文件、信息商業化服務機構建設研究
- 中國城市遺址類博物館開發模式研究
- 新時代檔案工作新思維
- 檔案保護技術
- 高校圖書館閱讀推廣與宣傳促進研究
- Mobile Artificial Intelligence Projects
- 海源閣史
- 圖書情報與圖書館服務探究
- 圖書館學基礎簡明教程
- 文書與檔案管理實務
- 圖書館學散論:科學網圖謀博客精粹
- 陜西古代文獻研究(第一輯)
- 讓文明得到更好的傳承:公共文化服務體系中公共檔案館發展戰略
- 檔案與少數民族記憶
- 且為繁華寄書香:高校圖書館閱讀推廣理論與實務
- 專利計量與專利合作
- 大數據時代科研人員個人學術信息管理行為
- 數字信息環境下圖書館信息資源建設與共享
- 抗戰時期中國圖書館界研究
- 文化與詩學(2009年第1輯)(總第8輯)
- 2017浙江科技統計年鑒
- 電子文件管理與電子證據使用
- 北京大學中國古文獻研究中心集刊·第十七輯
- 北京大學中國古文獻研究中心集刊·第十六輯
- 新編信息檢索教程(慕課版)
- 檔案人員崗位培訓教程
- 民俗娛樂組織活動讀本
- 胡華文集(第五卷)
- 商務活動創意
