Practical Mobile Forensics
Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This updated fourth edition of Practical Mobile Forensics delves into the concepts of mobile forensics and its importance in today's world. The book focuses on teaching you the latest forensic techniques to investigate mobile devices across various mobile platforms. You will learn forensic techniques for multiple OS versions, including iOS 11 to iOS 13, Android 8 to Android 10, and Windows 10. The book then takes you through the latest open source and commercial mobile forensic tools, enabling you to analyze and retrieve data effectively. From inspecting the device and retrieving data from the cloud, through to successfully documenting reports of your investigations, you'll explore new techniques while building on your practical knowledge. Toward the end, you will understand the reverse engineering of applications and ways to identify malware. Finally, the book guides you through parsing popular third-party applications, including Facebook and WhatsApp. By the end of this book, you will be proficient in various mobile forensic techniques to analyze and extract data from mobile devices with the help of open source solutions.
Brand: 中圖公司
Listed: 2021-06-24 15:27:58
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has authorized 上海閱文信息技術有限公司 (Shanghai Yuewen Information Technology Co., Ltd.) to produce and distribute it.
- Cover
- Title Page
- Copyright and Credits
- Practical Mobile Forensics Fourth Edition
- About Packt
- Why subscribe?
- Contributors
- About the authors
- About the reviewers
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Disclaimer
- Get in touch
- Reviews
- Introduction to Mobile Forensics
- The need for mobile forensics
- Understanding mobile forensics
- Challenges in mobile forensics
- The mobile phone evidence extraction process
- The evidence intake phase
- The identification phase
- The legal authority
- Data that needs to be extracted
- The make, model, and identifying information for the device
- Data storage media
- Other sources of potential evidence
- The preparation phase
- The isolation phase
- The processing phase
- The verification phase
- The documenting and reporting phase
- The archiving phase
- Practical mobile forensic approaches
- Understanding mobile operating systems
- Android
- iOS
- Windows Phone
- Mobile forensic tool leveling system
- Manual extraction
- Logical analysis
- Hex dump
- Chip-off
- Micro read
- Data acquisition methods
- Physical acquisition
- Logical acquisition
- Manual acquisition
- Potential evidence stored on mobile phones
- Examination and analysis
- Rules of evidence
- Good forensic practices
- Securing the evidence
- Preserving the evidence
- Documenting the evidence and changes
- Reporting
- Summary
- Section 1: iOS Forensics
- Understanding the Internals of iOS Devices
- iPhone models and hardware
- Identifying the correct hardware model
- Understanding the iPhone hardware
- iPad models and hardware
- Understanding the iPad hardware
- The HFS Plus and APFS filesystems
- The HFS Plus filesystem
- The HFS Plus volume
- The APFS filesystem
- The APFS structure
- Disk layout
- The iPhone OS
- The iOS architecture
- iOS security
- Passcodes, Touch ID, and Face ID
- Code signing
- Sandboxing
- Encryption
- Data protection
- Address Space Layout Randomization (ASLR)
- Privilege separation
- Stack-smashing protection
- Data Execution Prevention (DEP)
- Data wiping
- Activation Lock
- The App Store
- Jailbreaking
- Summary
- Data Acquisition from iOS Devices
- Operating modes of iOS devices
- Normal mode
- Recovery mode
- DFU mode
- Setting up the forensic environment
- Password protection and potential bypasses
- Logical acquisition
- Practical logical acquisition with libimobiledevice
- Practical logical acquisition with the Belkasoft Acquisition Tool
- Practical logical acquisition with Magnet ACQUIRE
- Filesystem acquisition
- Practical jailbreaking
- Practical filesystem acquisition with free tools
- Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit
- Summary
- Data Acquisition from iOS Backups
- Working with iTunes backups
- Creating and analyzing backups with iTunes
- Understanding the backup structure
- info.plist
- manifest.plist
- status.plist
- manifest.db
- Extracting unencrypted backups
- iBackup Viewer
- iExplorer
- Handling encrypted backup files
- Elcomsoft Phone Breaker
- Working with iCloud backups
- Extracting iCloud backups
- Summary
- iOS Data Analysis and Recovery
- Interpreting iOS timestamps
- Unix timestamps
- Mac absolute time
- WebKit/Chrome time
- Working with SQLite databases
- Connecting to a database
- Exploring SQLite special commands
- Exploring standard SQL queries
- Accessing a database using commercial tools
- Key artifacts – important iOS database files
- Address book contacts
- Address book images
- Call history
- Short Message Service (SMS) messages
- Calendar events
- Notes
- Safari bookmarks and history
- Voicemail
- Recordings
- Device interaction
- Phone numbers
- Property lists
- Important plist files
- Other important files
- Local dictionary
- Photos
- Thumbnails
- Wallpaper
- Downloaded third-party applications
- Recovering deleted SQLite records
- Summary
- iOS Forensic Tools
- Working with Cellebrite UFED Physical Analyzer
- Features of Cellebrite UFED Physical Analyzer
- Advanced logical acquisition and analysis with Cellebrite UFED Physical Analyzer
- Working with Magnet AXIOM
- Features of Magnet AXIOM
- Logical acquisition and analysis with Magnet AXIOM
- Working with Belkasoft Evidence Center
- Features of Belkasoft Evidence Center
- Logical acquisition and analysis with Belkasoft Evidence Center
- Working with Elcomsoft Phone Viewer
- Features of Elcomsoft Phone Viewer
- Filesystem analysis with Elcomsoft Phone Viewer
- Summary
- Section 2: Android Forensics
- Understanding Android
- The evolution of Android
- The Android architecture
- The Linux kernel layer
- The Hardware Abstraction Layer
- Libraries
- Dalvik Virtual Machine (DVM)
- ART
- The Java API framework layer
- The system apps layer
- Android security
- Secure kernel
- The permission model
- Application sandbox
- Secure IPC
- Application signing
- Security-Enhanced Linux (SELinux)
- FDE
- Android Keystore
- TEE
- Verified Boot
- The Android file hierarchy
- The Android filesystem
- Viewing filesystems on an Android device
- Common filesystems found on Android
- Flash memory filesystems
- Media-based filesystems
- Pseudo filesystems
- Summary
- Android Forensic Setup and Pre-Data Extraction Techniques
- Setting up a forensic environment for Android
- Installing the software
- Installing the Android platform tools
- Creating an Android virtual device
- Connecting an Android device to a workstation
- Identifying the device cable
- Installing device drivers
- Accessing the connected device
- The Android debug bridge
- USB debugging
- Accessing the device using adb
- Detecting connected devices
- Killing the local ADB server
- Accessing the adb shell
- Basic Linux commands
- Handling an Android device
- Screen lock bypassing techniques
- Using ADB to bypass the screen lock
- Deleting the gesture.key file
- Updating the settings.db file
- Checking for the modified recovery mode and ADB connection
- Flashing a new recovery partition
- Using automated tools
- Using Android Device Manager
- Bypass using Find My Mobile (for Samsung phones only)
- Smudge attack
- Using the forgot password/forgot pattern option
- Bypassing third-party lock screens by booting into safe mode
- Secure USB debugging bypass using ADB keys
- Secure USB debugging bypass in Android 4.4.2
- Crashing the lock screen UI in Android 5.x
- Other techniques
- Gaining root access
- What is rooting?
- Understanding the rooting process
- Rooting an Android device
- Root access - ADB shell
- Summary
- Android Data Extraction Techniques
- Understanding data extraction techniques
- Manual data extraction
- Logical data extraction
- ADB pull data extraction
- Using SQLite Browser to view the data
- Extracting device information
- Extracting call logs
- Extracting SMS/MMS
- Extracting browser history information
- Analysis of social networking/IM chats
- ADB backup extraction
- ADB dumpsys extraction
- Using content providers
- Physical data extraction
- Imaging an Android phone
- Imaging a memory (SD) card
- Joint Test Action Group
- The chip-off technique
- Summary
- Android Data Analysis and Recovery
- Analyzing and extracting data from Android image files using the Autopsy tool
- The Autopsy platform
- Adding an image to Autopsy
- Analyzing an image using Autopsy
- Understanding techniques to recover deleted files from the SD card and the internal memory
- Recovering deleted data from an external SD card
- Recovering data deleted from the internal memory
- Recovering deleted files by parsing SQLite files
- Recovering files using file-carving techniques
- Recovering contacts using your Google account
- Summary
- Android App Analysis, Malware, and Reverse Engineering
- Analyzing widely used Android apps to retrieve valuable data
- Facebook Android app analysis
- WhatsApp Android app analysis
- Skype Android app analysis
- Gmail Android app analysis
- Google Chrome Android app analysis
- Techniques to reverse engineer an Android application
- Extracting an APK file from an Android device
- Steps to reverse engineer Android apps
- Android malware
- Types of Android malware
- How does Android malware spread?
- Identifying Android malware
- Summary
- Section 3: Windows Forensics and Third-Party Apps
- Windows Phone Forensics
- Windows Phone OS
- Windows 10 Mobile security model
- Chambers
- Encryption
- Capability-based model
- App sandboxing
- Windows Phone filesystem
- Data acquisition
- Commercial forensic tool acquisition methods
- Extracting data without the use of commercial tools
- SD card data extraction methods
- Key artifacts for examination
- Extracting contacts and SMS
- Extracting call history
- Extracting internet history
- Summary
- Parsing Third-Party Application Files
- Introduction to third-party applications
- Chat applications
- GPS applications
- Secure applications
- Financial applications
- Social networking applications
- Encoding versus encryption
- iOS, Android, and Windows Phone application data storage
- iOS applications
- Android applications
- Windows Phone applications
- Forensic methods used to extract third-party application data
- Commercial tools
- Oxygen Forensic Detective
- Magnet AXIOM
- UFED Physical Analyzer
- Open source/free tools
- Working with Autopsy
- Other methods of extracting application data
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think
Updated: 2021-06-24 16:39:54