最新章節

• Leave a review - let other readers know what you think
• Other Books You May Enjoy
• Summary
• Other methods of extracting application data
• Autopsy
• Open source tools

• Leave a review - let other readers know what you think 更新時間：2021-06-30 19:33:58
• Other Books You May Enjoy
• Summary
• Other methods of extracting application data
• Autopsy
• Open source tools
• UFED Physical Analyzer
• Magnet IEF
• Oxygen Detective
• Commercial tools
• Forensic methods used to extract third-party application data
• Windows Phone applications
• Android applications
• iOS applications
• Application data storage
• Encoding versus encryption
• Social networking applications
• Financial applications
• Secure applications
• GPS applications
• Chat applications
• Third-party application overview
• Parsing Third-Party Application Files
• Summary
• Extracting internet history
• Extracting call history
• Extracting contacts and SMS
• Key artifacts for examination
• SD card data extraction methods
• Extracting data without the use of commercial tools
• Commercial forensic tool acquisition methods
• Data acquisition
• Windows Phone filesystem
• App sandboxing
• Capability-based model
• Encryption
• Chambers
• Security model
• Windows Phone OS
• Windows Phone Forensics
• Summary
• Identifying Android malware
• How does malware spread?
• Android malware
• Steps to reverse engineer Android apps
• Extracting an APK file from an Android device
• Reverse engineering Android apps
• Google Chrome Android app analysis
• Gmail Android app analysis
• Skype Android app analysis
• WhatsApp Android app analysis
• Facebook Android app analysis
• Analyzing Android apps
• Android App Analysis Malware and Reverse Engineering
• Summary
• Recovering contacts using your Google account
• Recovering files using file-carving techniques
• Recovering deleted files by parsing SQLite files
• Recovering data deleted from internal memory
• Recovering deleted data from an external SD card
• Android data recovery
• Analyzing an image using Autopsy
• Adding an image to Autopsy
• Autopsy
• Analyzing an Android image
• Android Data Analysis and Recovery
• Summary
• Chip-off
• Joint Test Action Group
• Imaging a memory (SD) card
• Imaging an Android phone
• Physical data extraction
• Using content providers
• ADB dumpsys extraction
• ADB backup extraction
• Analysis of social networking/IM chats
• Extracting browser history
• Extracting SMS/MMS
• Extracting call logs
• Extracting device information
• Using SQLite Browser to view the data
• ADB pull data extraction
• Logical data extraction
• Manual data extraction
• Data extraction techniques
• Android Data Extraction Techniques
• Summary
• Root access - adb shell
• Rooting an Android device
• What is rooting?
• Gaining root access
• Other techniques
• Crashing the lock screen UI in Android 5.x
• Securing the USB debugging bypass in Android 4.4.2
• Securing the USB debugging bypass using adb keys
• Bypassing third-party lock screens by booting into safe mode
• Using the Forgot Password/Forgot Pattern option
• Smudge attack
• Using Android Device Manager
• Using automated tools
• Flashing a new recovery partition
• Checking for the modified recovery mode and adb connection
• Updating the settings.db file
• Deleting the gesture.key file
• Using adb to bypass the screen lock
• Screen lock bypassing techniques
• Handling an Android device
• Basic Linux commands
• Accessing the adb shell
• Killing the local adb server
• Detecting connected devices
• Accessing the device using adb
• USB debugging
• The Android Debug Bridge
• Accessing the connected device
• Installing the device drivers
• Identifying the device cable
• Connecting an Android device to a workstation
• An Android Virtual Device
• The Android SDK installation
• The Android Software Development Kit
• Setting up the forensic environment for Android
• Android Forensic Setup and Pre-Data Extraction Techniques
• Summary
• Common file systems found on Android
• Viewing file systems on an Android device
• The Android file system
• The Android file hierarchy
• Trusted Execution Environment
• Full Disk Encryption
• Security-Enhanced Linux
• Application signing
• Secure inter-process communication
• Application sandbox
• The permission model
• Secure kernel
• Android security
• The system apps layer
• The Java API framework layer
• Android Runtime (ART)
• Dalvik virtual machine
• Libraries
• The Hardware Abstraction Layer
• The Linux kernel layer
• The Android model
• The evolution of Android
• Understanding Android
• Summary
• Logical acquisition and analysis with Oxygen Forensic Detective
• Features of Oxygen Forensic Detective
• Working with Oxygen Forensic Detective
• iTunes backup parsing and analysis with Belkasoft Evidence Center
• Features of Belkasoft Evidence Center
• Working with Belkasoft Evidence Center
• Logical acquisition and analysis with Magnet AXIOM
• Features of Magnet AXIOM
• Working with Magnet AXIOM
• Advanced logical acquisition and analysis with Cellebrite UFED Physical Analyzer
• Features of Cellebrite UFED Physical Analyzer
• Working with Cellebrite UFED Physical Analyzer
• iOS Forensic Tools
• Summary
• Recovering deleted SQLite records
• Apple Watch
• Downloaded applications
• Recordings
• Wallpaper
• Thumbnails
• Photos
• Keyboard cache
• Cookies
• Other important files
• The SystemPreferencesDomain plist files
• The WirelessDomain plist files
• The RootDomain plist files
• The HomeDomain plist files
• Important plist files
• Property lists
• Voicemail
• Consolidated GPS cache
• Photo metadata
• Safari bookmarks and cache
• Notes
• Calendar events
• SMS messages
• Call history
• Address book images
• Address book contacts
• Key artifacts – important iOS database files
• Accessing a database using commercial tools
• Standard SQL queries
• SQLite special commands
• Connecting to a database
• SQLite databases
• WebKit/Chrome time
• Mac absolute time
• Unix timestamps
• Timestamps
• iOS Data Analysis and Recovery
• Summary
• Extracting iCloud backups
• Working with iCloud backups
• Elcomsoft Phone Breaker
• Encrypted backup
• BlackLight
• iExplorer
• iBackup Viewer
• Extracting unencrypted backups
• manifest.db
• status.plist
• manifest.plist
• info.plist
• Understanding the backup structure
• Creating backups with iTunes
• iTunes backup
• Data Acquisition from iOS Backups
• Summary
• Practical physical acquisition with Elcomsoft iOS Forensic Toolkit
• Physical acquisition
• Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit
• Practical jailbreaking
• Filesystem acquisition
• Practical logical acquisition with Magnet ACQUIRE
• Practical logical acquisition with Belkasoft Acquisition Tool
• Practical logical acquisition with libimobiledevice
• Logical acquisition
• Password protection and potential bypasses
• Setting up the forensic environment
• DFU mode
• The recovery mode
• The normal mode
• Operating modes of iOS devices
• Data Acquisition from iOS Devices
• Summary
• Jailbreaking
• The App Store
• Activation Lock
• Data wipe
• Data execution prevention
• Stack-smashing protection
• Privilege separation
• Address Space Layout Randomization
• Data protection
• Encryption
• Sandboxing
• Code Signing
• Passcodes Touch ID and Face ID
• iOS security
• The iOS architecture
• iPhone operating system
• Disk layout
• The APFS structure
• The APFS filesystem
• The HFS Plus volume
• The HFS Plus filesystem
• The filesystem
• Understanding the Apple Watch hardware
• Apple Watch models
• Understanding the iPad hardware
• iPad models
• iPhone hardware
• Identifying the correct hardware model
• iPhone models
• Understanding the Internals of iOS Devices
• Summary
• Reporting
• Documenting the evidence and changes
• Preserving the evidence
• Securing the evidence
• Good forensic practices
• Rules of evidence
• Examination and analysis
• Potential evidence stored on mobile phones
• Manual acquisition
• Logical acquisition
• Physical acquisition
• Data acquisition methods
• Micro read
• Chip-off
• Hex dump
• Logical extraction
• Manual extraction
• Mobile forensic tool leveling system
• Windows Phone
• iOS
• Android
• Overview of mobile operating systems
• Practical mobile forensic approaches
• The archiving phase
• The presentation phase
• The documenting and reporting phase
• Using hash values
• Using multiple tools and comparing the results
• Comparing extracted data to the handset data
• The verification phase
• The processing phase
• The isolation phase
• The preparation phase
• Other sources of potential evidence
• Removable and external data storage
• The make model and identifying information for the device
• The goals of the examination
• The legal authority
• The identification phase
• The evidence intake phase
• The mobile phone evidence extraction process
• Challenges in mobile forensics
• Mobile forensics
• Why do we need mobile forensics?
• Introduction to Mobile Forensics
• Reviews
• Get in touch
• Conventions used
• Download the color images
• To get the most out of this book
• What this book covers
• Who this book is for
• Preface
• Packt is searching for authors like you
• About the reviewer
• About the authors
• Contributors
• PacktPub.com
• Why subscribe?
• Packt Upsell
• Title Page
• coverpage

• coverpage
• Title Page
• Packt Upsell
• Why subscribe?
• PacktPub.com
• Contributors
• About the authors
• About the reviewer
• Packt is searching for authors like you
• Preface
• Who this book is for
• What this book covers
• To get the most out of this book
• Download the color images
• Conventions used
• Get in touch
• Reviews
• Introduction to Mobile Forensics
• Why do we need mobile forensics?
• Mobile forensics
• Challenges in mobile forensics
• The mobile phone evidence extraction process
• The evidence intake phase
• The identification phase
• The legal authority
• The goals of the examination
• The make model and identifying information for the device
• Removable and external data storage
• Other sources of potential evidence
• The preparation phase
• The isolation phase
• The processing phase
• The verification phase
• Comparing extracted data to the handset data
• Using multiple tools and comparing the results
• Using hash values
• The documenting and reporting phase
• The presentation phase
• The archiving phase
• Practical mobile forensic approaches
• Overview of mobile operating systems
• Android
• iOS
• Windows Phone
• Mobile forensic tool leveling system
• Manual extraction
• Logical extraction
• Hex dump
• Chip-off
• Micro read
• Data acquisition methods
• Physical acquisition
• Logical acquisition
• Manual acquisition
• Potential evidence stored on mobile phones
• Examination and analysis
• Rules of evidence
• Good forensic practices
• Securing the evidence
• Preserving the evidence
• Documenting the evidence and changes
• Reporting
• Summary
• Understanding the Internals of iOS Devices
• iPhone models
• Identifying the correct hardware model
• iPhone hardware
• iPad models
• Understanding the iPad hardware
• Apple Watch models
• Understanding the Apple Watch hardware
• The filesystem
• The HFS Plus filesystem
• The HFS Plus volume
• The APFS filesystem
• The APFS structure
• Disk layout
• iPhone operating system
• The iOS architecture
• iOS security
• Passcodes Touch ID and Face ID
• Code Signing
• Sandboxing
• Encryption
• Data protection
• Address Space Layout Randomization
• Privilege separation
• Stack-smashing protection
• Data execution prevention
• Data wipe
• Activation Lock
• The App Store
• Jailbreaking
• Summary
• Data Acquisition from iOS Devices
• Operating modes of iOS devices
• The normal mode
• The recovery mode
• DFU mode
• Setting up the forensic environment
• Password protection and potential bypasses
• Logical acquisition
• Practical logical acquisition with libimobiledevice
• Practical logical acquisition with Belkasoft Acquisition Tool
• Practical logical acquisition with Magnet ACQUIRE
• Filesystem acquisition
• Practical jailbreaking
• Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit
• Physical acquisition
• Practical physical acquisition with Elcomsoft iOS Forensic Toolkit
• Summary
• Data Acquisition from iOS Backups
• iTunes backup
• Creating backups with iTunes
• Understanding the backup structure
• info.plist
• manifest.plist
• status.plist
• manifest.db
• Extracting unencrypted backups
• iBackup Viewer
• iExplorer
• BlackLight
• Encrypted backup
• Elcomsoft Phone Breaker
• Working with iCloud backups
• Extracting iCloud backups
• Summary
• iOS Data Analysis and Recovery
• Timestamps
• Unix timestamps
• Mac absolute time
• WebKit/Chrome time
• SQLite databases
• Connecting to a database
• SQLite special commands
• Standard SQL queries
• Accessing a database using commercial tools
• Key artifacts – important iOS database files
• Address book contacts
• Address book images
• Call history
• SMS messages
• Calendar events
• Notes
• Safari bookmarks and cache
• Photo metadata
• Consolidated GPS cache
• Voicemail
• Property lists
• Important plist files
• The HomeDomain plist files
• The RootDomain plist files
• The WirelessDomain plist files
• The SystemPreferencesDomain plist files
• Other important files
• Cookies
• Keyboard cache
• Photos
• Thumbnails
• Wallpaper
• Recordings
• Downloaded applications
• Apple Watch
• Recovering deleted SQLite records
• Summary
• iOS Forensic Tools
• Working with Cellebrite UFED Physical Analyzer
• Features of Cellebrite UFED Physical Analyzer
• Advanced logical acquisition and analysis with Cellebrite UFED Physical Analyzer
• Working with Magnet AXIOM
• Features of Magnet AXIOM
• Logical acquisition and analysis with Magnet AXIOM
• Working with Belkasoft Evidence Center
• Features of Belkasoft Evidence Center
• iTunes backup parsing and analysis with Belkasoft Evidence Center
• Working with Oxygen Forensic Detective
• Features of Oxygen Forensic Detective
• Logical acquisition and analysis with Oxygen Forensic Detective
• Summary
• Understanding Android
• The evolution of Android
• The Android model
• The Linux kernel layer
• The Hardware Abstraction Layer
• Libraries
• Dalvik virtual machine
• Android Runtime (ART)
• The Java API framework layer
• The system apps layer
• Android security
• Secure kernel
• The permission model
• Application sandbox
• Secure inter-process communication
• Application signing
• Security-Enhanced Linux
• Full Disk Encryption
• Trusted Execution Environment
• The Android file hierarchy
• The Android file system
• Viewing file systems on an Android device
• Common file systems found on Android
• Summary
• Android Forensic Setup and Pre-Data Extraction Techniques
• Setting up the forensic environment for Android
• The Android Software Development Kit
• The Android SDK installation
• An Android Virtual Device
• Connecting an Android device to a workstation
• Identifying the device cable
• Installing the device drivers
• Accessing the connected device
• The Android Debug Bridge
• USB debugging
• Accessing the device using adb
• Detecting connected devices
• Killing the local adb server
• Accessing the adb shell
• Basic Linux commands
• Handling an Android device
• Screen lock bypassing techniques
• Using adb to bypass the screen lock
• Deleting the gesture.key file
• Updating the settings.db file
• Checking for the modified recovery mode and adb connection
• Flashing a new recovery partition
• Using automated tools
• Using Android Device Manager
• Smudge attack
• Using the Forgot Password/Forgot Pattern option
• Bypassing third-party lock screens by booting into safe mode
• Securing the USB debugging bypass using adb keys
• Securing the USB debugging bypass in Android 4.4.2
• Crashing the lock screen UI in Android 5.x
• Other techniques
• Gaining root access
• What is rooting?
• Rooting an Android device
• Root access - adb shell
• Summary
• Android Data Extraction Techniques
• Data extraction techniques
• Manual data extraction
• Logical data extraction
• ADB pull data extraction
• Using SQLite Browser to view the data
• Extracting device information
• Extracting call logs
• Extracting SMS/MMS
• Extracting browser history
• Analysis of social networking/IM chats
• ADB backup extraction
• ADB dumpsys extraction
• Using content providers
• Physical data extraction
• Imaging an Android phone
• Imaging a memory (SD) card
• Joint Test Action Group
• Chip-off
• Summary
• Android Data Analysis and Recovery
• Analyzing an Android image
• Autopsy
• Adding an image to Autopsy
• Analyzing an image using Autopsy
• Android data recovery
• Recovering deleted data from an external SD card
• Recovering data deleted from internal memory
• Recovering deleted files by parsing SQLite files
• Recovering files using file-carving techniques
• Recovering contacts using your Google account
• Summary
• Android App Analysis Malware and Reverse Engineering
• Analyzing Android apps
• Facebook Android app analysis
• WhatsApp Android app analysis
• Skype Android app analysis
• Gmail Android app analysis
• Google Chrome Android app analysis
• Reverse engineering Android apps
• Extracting an APK file from an Android device
• Steps to reverse engineer Android apps
• Android malware
• How does malware spread?
• Identifying Android malware
• Summary
• Windows Phone Forensics
• Windows Phone OS
• Security model
• Chambers
• Encryption
• Capability-based model
• App sandboxing
• Windows Phone filesystem
• Data acquisition
• Commercial forensic tool acquisition methods
• Extracting data without the use of commercial tools
• SD card data extraction methods
• Key artifacts for examination
• Extracting contacts and SMS
• Extracting call history
• Extracting internet history
• Summary
• Parsing Third-Party Application Files
• Third-party application overview
• Chat applications
• GPS applications
• Secure applications
• Financial applications
• Social networking applications
• Encoding versus encryption
• Application data storage
• iOS applications
• Android applications
• Windows Phone applications
• Forensic methods used to extract third-party application data
• Commercial tools
• Oxygen Detective
• Magnet IEF
• UFED Physical Analyzer
• Open source tools
• Autopsy
• Other methods of extracting application data
• Summary
• Other Books You May Enjoy
• Leave a review - let other readers know what you think 更新時間：2021-06-30 19:33:58