Mobile Forensics Cookbook - Igor Mikhaylov - E-Book

Mobile Forensics Cookbook E-Book

Igor Mikhaylov

Description

Considering the emerging use of mobile phones, there is a growing need for mobile forensics. Mobile forensics focuses specifically on performing forensic examinations of mobile devices, which involves extracting, recovering and analyzing data for the purposes of information security, criminal and civil investigations, and internal investigations.

Mobile Forensics Cookbook starts by explaining SIM cards acquisition and analysis using modern forensics tools. You will discover the different software solutions that enable digital forensic examiners to quickly and easily acquire forensic images. You will also learn about forensics analysis and acquisition on Android, iOS, Windows Mobile, and BlackBerry devices. Next, you will understand the importance of cloud computing in the world of mobile forensics and understand different techniques available to extract data from the cloud. Going through the fundamentals of SQLite and Plists Forensics, you will learn how to extract forensic artifacts from these sources with appropriate tools.

By the end of this book, you will be well versed with the advanced mobile forensics techniques that will help you perform the complete forensic acquisition and analysis of user data stored in different devices.

You can read the e-book in Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Number of pages: 184

Year of publication: 2017




Mobile Forensics Cookbook

Data acquisition, extraction, recovery techniques, and investigations using modern forensic tools

Igor Mikhaylov

BIRMINGHAM - MUMBAI

Mobile Forensics Cookbook

Copyright © 2017 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: December 2017

Production reference: 1141217

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-78528-205-8

www.packtpub.com

Credits

Author: Igor Mikhaylov

Copy Editor: Safis Editing

Reviewer: Rohit Tamma

Project Coordinator: Virginia Dias

Commissioning Editor: Kartikey Pandey

Proofreader: Safis Editing

Acquisition Editor: Rahul Nair

Indexer: Francy Puthiry

Content Development Editor: Sharon Raj

Graphics: Kirk D'Penha, Tania Dutta

Technical Editor: Mohit Hassija

Production Coordinator: Nilesh Mohite

About the Author

Igor Mikhaylov has been working as a forensics expert for 21 years. During this time, he has attended many seminars and training classes at top forensic companies (such as Guidance Software, AccessData, and Cellebrite) and in forensic departments of government organizations in the Russian Federation. He has experience and skills in computer forensics, incident response, cellphone forensics, chip-off forensics, malware forensics, data recovery, digital image analysis, video forensics, big data, and other fields. He has worked on several thousand forensic cases. When he works on a forensic case, he examines evidence using in-depth, industry-leading tools and techniques. He uses forensic software and hardware from leaders in the forensics industry. He has written three tutorials on cellphone forensics and incident response for Russian-speaking forensics experts.

He is the reviewer of Windows Forensics Cookbook by Oleg Skulkin and Scar de Courcier, Packt Publishing.

I would like to thank various people for their contribution to this book—all people from the Packt team for their valuable technical support; Vladimir Katalov (ElcomSoft Co.Ltd.), Oleg Fedorov (Oxygen Forensics, Inc.), Yury Gubanov (Belkasoft®), and Anton Evgraschenkov (Lan Project, a partner of Cellebrite) who shared their software for this book.
I'd like to thank my family—my wife Olga and our two sons, Max and Ilya. I really appreciate their patience and understanding.
I'd also like to thank Oleg Skulkin, Andrew Rubtsov, and Evgeniy Chapurin for their useful and constructive recommendations on this book; thank you, gentlemen.

About the Reviewer

Rohit Tamma is a Security Program Manager currently working with Microsoft. With over 8 years of experience in the field of security, his background spans management and technical consulting roles in the areas of application and cloud security, mobile security, penetration testing, and security training. His past experience includes working with Accenture, ADP, and TCS, driving security programs for various client teams. Rohit has also coauthored a couple of books, such as Practical Mobile Forensics and Learning Android Forensics by Packt Publishing, which explain various techniques to perform forensics on mobile platforms. You can contact him on Twitter at @RohitTamma.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com. Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Customer Feedback

Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1785282050.

If you'd like to join our team of regular reviewers, you can email us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!


Table of Contents

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Getting ready

How to do it…

How it works…

There's more…

See also

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

SIM Card Acquisition and Analysis

Introduction

SIM card acquisition and analysis with TULP2G

Getting ready

How to do it...

How it works...

See also

SIM card acquisition and analysis with MOBILedit Forensics

Getting ready

How to do it...

How it works...

See also

SIM card acquisition and analysis with SIMCon

Getting ready

How to do it...

How it works...

See also

SIM card acquisition and analysis with Oxygen Forensic

Getting ready

How to do it...

How it works...

There's more...

See also

Android Device Acquisition

Introduction

Preparatory work

Preparing the mobile device

Preparing the workstation

Manual assembling of ADB driver

See also

Android device acquisition with Oxygen Forensic

How to do it…

How it works…

There’s more…

See also

Android device acquisition with MOBILedit Forensic

How to do it…

How it works…

There’s more…

See also

Android device acquisition with Belkasoft Acquisition Tool

Getting ready

How to do it…

How it works…

See also

Android device acquisition with Magnet Acquire

Getting ready

How to do it…

How it works…

There's more…

See also

Making physical dumps of Android device without rooting

Getting ready

How to do it…

How it works…

There's more…

Unlocking locked Android device

Getting ready

How to do it…

How it works…

See also

Acquiring Android device through Wi-Fi

Getting ready

How to do it…

How it works…

See also

Samsung Android device acquisition with Smart Switch

Getting ready

How to do it…

How it works…

There's more…

See also

Apple Device Acquisition

Introduction

Apple device acquisition with Oxygen Forensics

Getting ready

How to do it…

Apple device acquisition with libmobiledevice

Getting ready

How to do it…

Apple device acquisition with Elcomsoft iOS Toolkit

Getting ready

How to do it…

How it works…

See also

Apple device acquisition with iTunes

Getting ready

How to do it…

How it works…

There’s more…

See also

Unlocking a locked Apple device

How to do it…

How it works…

There’s more…

Windows Phone and BlackBerry Acquisition

Introduction

BlackBerry acquisition with Oxygen Forensic

Getting ready 

How to do it…

There's more…

BlackBerry acquisition with BlackBerry Desktop Software

Getting ready

How to do it…

There's more…

Connecting a device running Blackberry OS 5 or 6

Connecting a device running Blackberry OS 10

See also

Windows Phone acquisition with Oxygen Forensic

Getting ready

How to do it…

There's more…

Windows Phone acquisition with UFED 4PC

Getting ready

How to do it…

See also

Clouds are Alternative Data Sources

Introduction

Using Cloud Extractor to extract data from Android devices from the cloud

How to do it…

Using Electronic Evidence Examiner to extract data from a Facebook account

Getting ready

How to do it…

Using Elcomsoft Phone Breaker to extract data from iCloud

Getting ready

How to do it…

There's more…

Using Belkasoft Evidence Center to extract data from iCloud

How to do it…

SQLite Forensics

Introduction

Parsing SQLite databases with Belkasoft Evidence Center

How to do it…

Parsing SQLite databases with DB Browser for SQLite

Getting ready

How to do it…

There’s more…

See also

Parsing SQLite databases with Oxygen Forensic SQLite Viewer

Getting ready

How to do it…

There’s more…

Parsing SQLite databases with SQLite Wizard

Getting ready

How to do it…

See also

Understanding Plist Forensics

Introduction

Parsing plist with Apple Plist Viewer

How to do it…

Parsing plist with Belkasoft Evidence Center

How to do it…

Parsing plist with plist Editor Pro

Getting ready

How to do it…

Parsing plist with Plist Explorer

Getting ready

How to do it…

There's more...

Analyzing Physical Dumps and Backups of Android Devices

Introduction

Android physical dumps and backups parsing with Autopsy

Getting ready

How to do it…

 See also

Android TOT container parsing with Oxygen Forensics

How to do it…

Android backups parsing with Belkasoft Evidence Center

How to do it…

There's more…

Android physical dumps and backups parsing with AXIOM

Getting ready

How to do it…

See also

Android physical dumps parsing with Encase Forensic

Getting ready

How to do it…

See also

Thumbnails analysis with ThumbnailExpert

Getting ready

How to do it…

There’s more…

See also

iOS Forensics

Introduction

iOS backup parsing with iPhone Backup Extractor

Getting ready

How to do it…

See also

iOS backup parsing with UFED Physical Analyzer

Getting ready

How to do it…

iOS backup parsing with BlackLight

Getting ready

How to do it…

 See also

iOS physical dump and backup parsing with Oxygen Forensic

How to do it…

iOS backup parsing with Belkasoft Evidence Center

How to do it…

iOS backup parsing with AXIOM

How to do it…

iOS backup parsing with Encase Forensic

How to do it…

iOS backup parsing with Elcomsoft Phone Viewer

Getting ready

How to do it…

See also

Thumbnail analysis with iThmb Converter

Getting ready

How to do it…

See also

Windows Phone and BlackBerry Forensics

Introduction

BlackBerry backup parsing with Elcomsoft Blackberry Backup Explorer Pro

Getting ready

How to do it…

See also

BlackBerry backup parsing with Oxygen Forensic

How to do it…

Windows Phone physical dump and backup parsing with Oxygen Forensic

 How to do it…

Windows Phone physical dump parsing with UFED Physical Analyzer

Getting ready

How to do it…

JTAG and Chip-off Techniques

Introduction

A sample Android device JTAG

How to do it...

See also

A sample Android device chip-off

Getting ready

How to do it…

There's more…

 See also

A sample Windows Phone device JTAG

How to do it...

A sample iPhone device chip-off

Getting ready

How to do it…

See also

Preface

Mobile devices (such as phones, smartphones, tablets, and other electronic gadgets) are everywhere in our lives, and we use them every day. Users increasingly rely on mobile devices to communicate with other people, and not just through voice calls: communication also takes place through various instant messaging applications (such as Skype, iChat, WhatsApp, and Viber) and social networking applications (such as Facebook).

Usually, mobile devices contain a lot of personal data about their owners.

In this book, we will deal with forensic tools for mobile forensics and practical tips and tricks for successfully using them.

What this book covers

Chapter 1, SIM Card Acquisition and Analysis, will guide you through SIM card acquisition and analysis with TULP2G, MOBILedit Forensic, Oxygen Forensic, and SIMCon. You will also learn how to analyze SIM cards with TULP2G, MOBILedit Forensic, Oxygen Forensic, and SIMCon.

Chapter 2, Android Device Acquisition, will teach you how to acquire data from Android devices with Oxygen Forensic, MOBILedit Forensic, Belkasoft Acquisition Tool, Magnet Acquire, and Smart Switch.

Chapter 3, Apple Device Acquisition, will teach you the acquisition of different iOS devices. You will learn how to acquire data from iOS devices with Oxygen Forensic, libmobiledevice, Elcomsoft iOS Toolkit, and iTunes.

Chapter 4, Windows Phone and BlackBerry Acquisition, will explain the acquisition of different Windows Phone devices and BlackBerry devices. You will also learn how to acquire data from Windows Phone devices and BlackBerry devices with Oxygen Forensic, BlackBerry Desktop Software, and UFED 4PC.

Chapter 5, Clouds are Alternative Data Sources, will deal with the acquisition of data from clouds. In this chapter, you will also learn how to acquire data from clouds with Cloud Extractor, Electronic Evidence Examiner, Elcomsoft Phone Breaker, and Belkasoft Evidence Center.

Chapter 6, SQLite Forensics, will teach you how to analyze SQLite databases. Also, you will learn how to extract and analyze data from SQLite databases with Belkasoft Evidence Center, DB Browser for SQLite, Oxygen Forensic SQLite Viewer, and SQLite Wizard.

Chapter 7, Understanding Plist Forensics, will help you to analyze plist files. You will learn how to extract and analyze data from plist files with Apple Plist Viewer, Belkasoft Evidence Center, plist Editor Pro, and Plist Explorer.

Chapter 8, Analyzing Physical Dumps and Backups of Android Devices, will teach you how to analyze data (physical dumps, backups, and so on) from Android devices. Also, you will learn how to extract and analyze the data with Autopsy, Oxygen Forensic, Belkasoft Evidence Center, Magnet AXIOM, and Encase Forensic.

Chapter 9, iOS Forensics, will explain how to analyze data from iOS devices. You will learn how to extract and analyze the data with iPhone Backup Extractor, UFED Physical Analyzer, BlackLight, Oxygen Forensic, Belkasoft Evidence Center, Magnet AXIOM, Encase Forensic, and Elcomsoft Phone Viewer.

Chapter 10, Windows Phone and BlackBerry Forensics, will teach you how to analyze data from Windows Phone devices and BlackBerry devices. You will learn how to extract and analyze the data with Elcomsoft Blackberry Backup Explorer Pro, Oxygen Forensic, and UFED Physical Analyzer.

Chapter 11, JTAG and Chip-off Techniques, will show you how to extract data from locked or damaged Android devices, Windows Phone devices, and Apple devices.

What you need for this book

The following software is required for this book:

AccessData FTK Imager

Autopsy

Belkasoft Acquisition

Belkasoft Evidence Center

BlackBerry Desktop Software

BlackLight

Cellebrite UFED4PC

DB Browser for SQLite

Elcomsoft Blackberry Backup Explorer Pro

Elcomsoft iOS Toolkit

Elcomsoft Phone Breaker

Elcomsoft Phone Viewer

Encase Forensic

iPhone Backup Extractor

iThmb Converter

iTunes

libmobiledevice

Magnet AXIOM

Magnet Acquire

MobilEdit Forensics

Oxygen Software

Paraben Electronic Evidence Examiner

PC 3000 Flash

Plist Editor Pro

Plist Explorer

SIMCon

Smart Switch

ThumbnailExpert

TULP2G

UFED Physical Analyzer

Z3X EasyJtag BOX JTAG Classic Suite

Most of the commercial tools in this list have trial versions available that can be downloaded for free. Download links are provided in the chapters.

Who this book is for

If you are a mobile forensic analyst, forensic analyst, or digital forensic student who wants to conduct mobile forensic investigations on different platforms, such as Android OS, iOS, Windows Phone, or BlackBerry OS, then this book is for you.

Sections

In this book, you will find several headings that appear frequently (Getting ready, How to do it…, How it works…, There's more…, and See also). To give clear instructions on how to complete a recipe, we use these sections as follows:

Getting ready

This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.

How to do it…

This section contains the steps required to follow the recipe.

How it works…

This section usually consists of a detailed explanation of what happened in the previous section.

There's more…

This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book, what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply email [email protected], and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books (maybe a mistake in the text or the code), we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title. To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear in the Errata section.

Piracy

Piracy of copyrighted material on the internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the internet, please provide us with the location address or website name immediately so that we can pursue a remedy. Please contact us at [email protected] with a link to the suspected pirated material. We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.

SIM Card Acquisition and Analysis

In this chapter, we'll cover the following recipes:

SIM card acquisition and analysis with TULP2G

SIM card acquisition and analysis with MOBILedit Forensics

SIM card acquisition and analysis with SIMCon

SIM card acquisition and analysis with Oxygen Forensic

Introduction

The main function of a SIM card is the identification of a user of a cellular phone on the network so that they can get access to its services.

The following types of data, which are valuable for an expert or investigator, can be found in the SIM card: