Practical Mobile Forensics(Third Edition)
If you are a forensics professional and are eager to widen your forensics skill set to mobile forensics, then this book is for you. Some understanding of digital forensics practices would do wonders.
Contents (327 chapters)
- Cover page
- Title Page
- Packt Upsell
- Why subscribe?
- PacktPub.com
- Contributors
- About the authors
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Introduction to Mobile Forensics
- Why do we need mobile forensics?
- Mobile forensics
- Challenges in mobile forensics
- The mobile phone evidence extraction process
- The evidence intake phase
- The identification phase
- The legal authority
- The goals of the examination
- The make, model, and identifying information for the device
- Removable and external data storage
- Other sources of potential evidence
- The preparation phase
- The isolation phase
- The processing phase
- The verification phase
- Comparing extracted data to the handset data
- Using multiple tools and comparing the results
- Using hash values
- The documenting and reporting phase
- The presentation phase
- The archiving phase
- Practical mobile forensic approaches
- Overview of mobile operating systems
- Android
- iOS
- Windows Phone
- Mobile forensic tool leveling system
- Manual extraction
- Logical extraction
- Hex dump
- Chip-off
- Micro read
- Data acquisition methods
- Physical acquisition
- Logical acquisition
- Manual acquisition
- Potential evidence stored on mobile phones
- Examination and analysis
- Rules of evidence
- Good forensic practices
- Securing the evidence
- Preserving the evidence
- Documenting the evidence and changes
- Reporting
- Summary
- Understanding the Internals of iOS Devices
- iPhone models
- Identifying the correct hardware model
- iPhone hardware
- iPad models
- Understanding the iPad hardware
- Apple Watch models
- Understanding the Apple Watch hardware
- The filesystem
- The HFS Plus filesystem
- The HFS Plus volume
- The APFS filesystem
- The APFS structure
- Disk layout
- iPhone operating system
- The iOS architecture
- iOS security
- Passcodes, Touch ID, and Face ID
- Code Signing
- Sandboxing
- Encryption
- Data protection
- Address Space Layout Randomization
- Privilege separation
- Stack-smashing protection
- Data execution prevention
- Data wipe
- Activation Lock
- The App Store
- Jailbreaking
- Summary
- Data Acquisition from iOS Devices
- Operating modes of iOS devices
- The normal mode
- The recovery mode
- DFU mode
- Setting up the forensic environment
- Password protection and potential bypasses
- Logical acquisition
- Practical logical acquisition with libimobiledevice
- Practical logical acquisition with Belkasoft Acquisition Tool
- Practical logical acquisition with Magnet ACQUIRE
- Filesystem acquisition
- Practical jailbreaking
- Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit
- Physical acquisition
- Practical physical acquisition with Elcomsoft iOS Forensic Toolkit
- Summary
- Data Acquisition from iOS Backups
- iTunes backup
- Creating backups with iTunes
- Understanding the backup structure
- info.plist
- manifest.plist
- status.plist
- manifest.db
- Extracting unencrypted backups
- iBackup Viewer
- iExplorer
- BlackLight
- Encrypted backup
- Elcomsoft Phone Breaker
- Working with iCloud backups
- Extracting iCloud backups
- Summary
- iOS Data Analysis and Recovery
- Timestamps
- Unix timestamps
- Mac absolute time
- WebKit/Chrome time
- SQLite databases
- Connecting to a database
- SQLite special commands
- Standard SQL queries
- Accessing a database using commercial tools
- Key artifacts – important iOS database files
- Address book contacts
- Address book images
- Call history
- SMS messages
- Calendar events
- Notes
- Safari bookmarks and cache
- Photo metadata
- Consolidated GPS cache
- Voicemail
- Property lists
- Important plist files
- The HomeDomain plist files
- The RootDomain plist files
- The WirelessDomain plist files
- The SystemPreferencesDomain plist files
- Other important files
- Cookies
- Keyboard cache
- Photos
- Thumbnails
- Wallpaper
- Recordings
- Downloaded applications
- Apple Watch
- Recovering deleted SQLite records
- Summary
- iOS Forensic Tools
- Working with Cellebrite UFED Physical Analyzer
- Features of Cellebrite UFED Physical Analyzer
- Advanced logical acquisition and analysis with Cellebrite UFED Physical Analyzer
- Working with Magnet AXIOM
- Features of Magnet AXIOM
- Logical acquisition and analysis with Magnet AXIOM
- Working with Belkasoft Evidence Center
- Features of Belkasoft Evidence Center
- iTunes backup parsing and analysis with Belkasoft Evidence Center
- Working with Oxygen Forensic Detective
- Features of Oxygen Forensic Detective
- Logical acquisition and analysis with Oxygen Forensic Detective
- Summary
- Understanding Android
- The evolution of Android
- The Android model
- The Linux kernel layer
- The Hardware Abstraction Layer
- Libraries
- Dalvik virtual machine
- Android Runtime (ART)
- The Java API framework layer
- The system apps layer
- Android security
- Secure kernel
- The permission model
- Application sandbox
- Secure inter-process communication
- Application signing
- Security-Enhanced Linux
- Full Disk Encryption
- Trusted Execution Environment
- The Android file hierarchy
- The Android file system
- Viewing file systems on an Android device
- Common file systems found on Android
- Summary
- Android Forensic Setup and Pre-Data Extraction Techniques
- Setting up the forensic environment for Android
- The Android Software Development Kit
- The Android SDK installation
- An Android Virtual Device
- Connecting an Android device to a workstation
- Identifying the device cable
- Installing the device drivers
- Accessing the connected device
- The Android Debug Bridge
- USB debugging
- Accessing the device using adb
- Detecting connected devices
- Killing the local adb server
- Accessing the adb shell
- Basic Linux commands
- Handling an Android device
- Screen lock bypassing techniques
- Using adb to bypass the screen lock
- Deleting the gesture.key file
- Updating the settings.db file
- Checking for the modified recovery mode and adb connection
- Flashing a new recovery partition
- Using automated tools
- Using Android Device Manager
- Smudge attack
- Using the Forgot Password/Forgot Pattern option
- Bypassing third-party lock screens by booting into safe mode
- Securing the USB debugging bypass using adb keys
- Securing the USB debugging bypass in Android 4.4.2
- Crashing the lock screen UI in Android 5.x
- Other techniques
- Gaining root access
- What is rooting?
- Rooting an Android device
- Root access - adb shell
- Summary
- Android Data Extraction Techniques
- Data extraction techniques
- Manual data extraction
- Logical data extraction
- ADB pull data extraction
- Using SQLite Browser to view the data
- Extracting device information
- Extracting call logs
- Extracting SMS/MMS
- Extracting browser history
- Analysis of social networking/IM chats
- ADB backup extraction
- ADB dumpsys extraction
- Using content providers
- Physical data extraction
- Imaging an Android phone
- Imaging a memory (SD) card
- Joint Test Action Group
- Chip-off
- Summary
- Android Data Analysis and Recovery
- Analyzing an Android image
- Autopsy
- Adding an image to Autopsy
- Analyzing an image using Autopsy
- Android data recovery
- Recovering deleted data from an external SD card
- Recovering data deleted from internal memory
- Recovering deleted files by parsing SQLite files
- Recovering files using file-carving techniques
- Recovering contacts using your Google account
- Summary
- Android App Analysis, Malware, and Reverse Engineering
- Analyzing Android apps
- Facebook Android app analysis
- WhatsApp Android app analysis
- Skype Android app analysis
- Gmail Android app analysis
- Google Chrome Android app analysis
- Reverse engineering Android apps
- Extracting an APK file from an Android device
- Steps to reverse engineer Android apps
- Android malware
- How does malware spread?
- Identifying Android malware
- Summary
- Windows Phone Forensics
- Windows Phone OS
- Security model
- Chambers
- Encryption
- Capability-based model
- App sandboxing
- Windows Phone filesystem
- Data acquisition
- Commercial forensic tool acquisition methods
- Extracting data without the use of commercial tools
- SD card data extraction methods
- Key artifacts for examination
- Extracting contacts and SMS
- Extracting call history
- Extracting internet history
- Summary
- Parsing Third-Party Application Files
- Third-party application overview
- Chat applications
- GPS applications
- Secure applications
- Financial applications
- Social networking applications
- Encoding versus encryption
- Application data storage
- iOS applications
- Android applications
- Windows Phone applications
- Forensic methods used to extract third-party application data
- Commercial tools
- Oxygen Detective
- Magnet IEF
- UFED Physical Analyzer
- Open source tools
- Autopsy
- Other methods of extracting application data
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think

Updated: 2021-06-30 19:33:58
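The "Timestamps" section of the iOS Data Analysis and Recovery chapter lists the three clocks an examiner meets in iOS SQLite databases and plists: Unix time, Mac absolute time (seconds since 2001-01-01 UTC), and WebKit/Chrome time (microseconds since 1601-01-01 UTC). The converter below is an added example written for this page, not code from the book; the magnitude heuristic that detects seconds versus milliseconds, microseconds and nanoseconds is an assumption of this example, as are the constructed sample values.

```python
from datetime import datetime, timedelta, timezone

# Epoch offsets (exact, well-known constants).
MAC_ABSOLUTE_OFFSET = 978_307_200      # seconds from 1970-01-01 to 2001-01-01 UTC
WEBKIT_OFFSET = 11_644_473_600         # seconds from 1601-01-01 to 1970-01-01 UTC

UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def _to_seconds(value):
    """Normalise a raw counter to seconds.

    Heuristic (an assumption of this example): iOS tables store the same
    clock at different resolutions, e.g. seconds in older sms.db rows and
    nanoseconds in newer ones, so scale by order of magnitude.
    """
    value = float(value)
    if value > 1e16:    # nanoseconds
        return value / 1e9
    if value > 1e13:    # microseconds
        return value / 1e6
    if value > 1e10:    # milliseconds
        return value / 1e3
    return value        # already seconds


def unix_to_datetime(value):
    """Seconds (or ms/us/ns) since 1970-01-01 UTC -> aware datetime."""
    return UNIX_EPOCH + timedelta(seconds=_to_seconds(value))


def mac_absolute_to_datetime(value):
    """Mac absolute / Cocoa time: seconds (or ns) since 2001-01-01 UTC."""
    return UNIX_EPOCH + timedelta(seconds=_to_seconds(value) + MAC_ABSOLUTE_OFFSET)


def webkit_to_datetime(value):
    """WebKit/Chrome time: microseconds since 1601-01-01 UTC (no scaling)."""
    seconds = int(value) / 1e6 - WEBKIT_OFFSET
    return UNIX_EPOCH + timedelta(seconds=seconds)


CONVERTERS = {
    "unix": unix_to_datetime,
    "mac_absolute": mac_absolute_to_datetime,
    "webkit": webkit_to_datetime,
}


def convert(value, fmt):
    """Return an ISO-8601 UTC string for a raw value in the named format."""
    if fmt not in CONVERTERS:
        raise ValueError(f"unknown timestamp format: {fmt}")
    return CONVERTERS[fmt](value).isoformat()


def convert_samples():
    """Constructed sample rows (not real evidence): (column, raw value, format)."""
    samples = [
        ("call_history.ZDATE", 283996800, "mac_absolute"),          # seconds
        ("sms.message.date", 283996800 * 10**9, "mac_absolute"),     # nanoseconds
        ("cookies.expires", 1262304000, "unix"),
        ("Chrome History.last_visit_time", 12906777600000000, "webkit"),
    ]
    return {col: convert(raw, fmt) for col, raw, fmt in samples}


if __name__ == "__main__":
    for column, iso in convert_samples().items():
        print(f"{column:32} {iso}")
```

When a value decodes to an implausible year, try the other clocks before trusting it: the same integer read as Unix seconds and as Mac absolute seconds differ by exactly 31 years, which is the classic sign of picking the wrong epoch.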