What this book covers

Chapter 1, Mobile Forensics and the Investigation Process Model, talks about the importance of smartphone forensics in our continually growing digital world. We will then describe smartphone forensic models and how they have evolved with time. We will also point out challenges that today's investigators face in the smartphone forensics evidence acquisition process.

Chapter 2, Do It Yourself – Low-Level Techniques, covers the techniques used to carve files and to manually extract GPS data, and explains how things are in there at a low level. This chapter will also cover some techniques that extract strings from different objects (for example, smartphone images) and it will also describe the basics of reverse engineering smartphone applications.

Chapter 3, iDevices from a Forensic Point of View, provides an overview of the forensic approach of an iOS device. We will introduce iOS architecture components and filesystems. This chapter will indicate the methodologies, techniques, and tools used to acquire evidence from iOS devices. It will also point out the difference between different modes (DFU and recovery), introduce the jailbreaking concept, and discuss the biometric aspect of iOS devices.

Chapter 4, Android Forensics, brings to light some important points about Android OS internals, filesystem, data structures, and security models. It will also discuss how it is possible to logically and physically acquire an Android device. We will also take a look at the JTAG and chip-off techniques; this chapter will also explain how to bypass lock screens, security, and encryption. In this chapter, we will discuss a real case of forensic analysis of a third-party application.

Chapter 5, Windows Phone 8 Forensics, introduces Windows Phone 8. In the first part of this chapter we will see the main difference between WP7 and WP8 and then, in the upcoming section, we will go through Windows 8 internals and describe WP8 security models and their implementation. This chapter also describes the WP filesystem, and then we will go through the steps to logically acquire a Windows Phone 8 device; we will also describe WP PINs and hardware encryption. Finally, we will cover evidence location in the Windows Phone registry and analyze Windows Phone PINs.

Chapter 6, Mobile Forensics – Best Practices, will go beyond the technical aspects of smartphone device forensics and introduce you to some of the best practices of recovering digital evidence from a mobile device under forensically sound conditions. This chapter will describe the methodology of the forensic process used for mobile devices and will present guidelines for specific activities in the handling of digital evidence.

Appendix, Preparing a Mobile Forensic Workstation, will show you how to prepare a mobile forensics workstation based on Santoku Linux.