Practical Mobile Forensics - Fourth Edition

Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

  • Publisher: Packt Publishing
  • Publication date: 2020-04-09
  • List price: $1,450
  • VIP price: $1,378 (5% off)
  • Language: English
  • Pages: 400
  • Binding: Quality Paper - also called trade paper
  • ISBN: 183864752X
  • ISBN-13: 9781838647520
  • Related category: Information Security

Product Description

Key Features

  • Apply advanced forensic techniques to recover deleted data from mobile devices
  • Retrieve and analyze data stored not only on mobile devices but also on the cloud and other connected mediums
  • Use the power of mobile forensics on popular mobile platforms by exploring different tips, tricks, and techniques

Book Description

Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This updated fourth edition of Practical Mobile Forensics delves into the concepts of mobile forensics and its importance in today's world.

The book focuses on teaching you the latest forensic techniques to investigate mobile devices across various mobile platforms. You will learn forensic techniques for multiple OS versions, including iOS 11 to iOS 13, Android 8 to Android 10, and Windows 10. The book then takes you through the latest open source and commercial mobile forensic tools, enabling you to analyze and retrieve data effectively. From inspecting the device and retrieving data from the cloud, through to successfully documenting reports of your investigations, you'll explore new techniques while building on your practical knowledge. Toward the end, you will understand the reverse engineering of applications and ways to identify malware. Finally, the book guides you through parsing popular third-party applications, including Facebook and WhatsApp.

By the end of this book, you will be proficient in various mobile forensic techniques to analyze and extract data from mobile devices with the help of open source solutions.

What you will learn

  • Discover new data extraction, data recovery, and reverse engineering techniques in mobile forensics
  • Understand iOS, Windows, and Android security mechanisms
  • Identify sensitive files on every mobile platform
  • Extract data from iOS, Android, and Windows platforms
  • Understand malware analysis, reverse engineering, and data analysis of mobile devices
  • Explore various data recovery techniques on all three mobile platforms

Who this book is for

This book is for forensic examiners with basic experience in mobile forensics or open source solutions for mobile forensics. Computer security professionals, researchers or anyone looking to gain a deeper understanding of mobile internals will also find this book useful. Some understanding of digital forensic practices will be helpful to grasp the concepts covered in the book more effectively.

About the Authors

Rohit Tamma is a senior program manager currently working with Microsoft. With over 10 years of experience in the field of security, his background spans management and technical consulting roles in the areas of application and cloud security, mobile security, penetration testing, and secure coding. Rohit has also co-authored Learning Android Forensics, from Packt, which explains various ways to perform forensics on mobile platforms. You can contact him on Twitter at @RohitTamma.

Oleg Skulkin is a senior digital forensic analyst at Group-IB, one of the global leaders in preventing and investigating high-tech crimes and online fraud. He holds a number of certifications, including GCFA, GCTI, and MCFE. Oleg has also co-authored Windows Forensics Cookbook, and Learning Android Forensics, both from Packt, as well as many blog posts and articles on digital forensics, incident response, and threat hunting that you can find online. You can contact him on Twitter at @oskulkin.

Heather Mahalik is the senior director of digital intelligence at Cellebrite. She is a senior instructor and author for the SANS Institute, and she is also the course lead for the FOR585 Smartphone Forensic Analysis In-Depth course. With 18 years of experience in digital forensics, she continues to thrive on smartphone investigations, digital forensics, forensic course development and instruction, and research on application analysis and smartphone forensics.

Satish Bommisetty is a security architect currently working with JDA. His primary areas of interest include web and mobile application security, cloud security, and iOS forensics. He has presented at security conferences, such as ClubHACK and C0C0n. Satish is one of the top bug bounty hunters and is listed in the halls of fame of Google, Facebook, PayPal, Microsoft, Yahoo, Salesforce, and more, for identifying and reporting their security vulnerabilities. You can reach him on Twitter at @satishb3.

Table of Contents

  1. Introduction to Mobile Forensics
  2. Understanding the Internals of iOS Devices
  3. Data Acquisition from iOS Devices
  4. Data Acquisition from iOS Backups
  5. iOS Data Analysis and Recovery
  6. iOS Forensic Tools
  7. Understanding Android
  8. Android Forensic Setup and Pre-Data Extraction Techniques
  9. Android Data Extraction Techniques
  10. Android Data Analysis and Recovery
  11. Android App Analysis, Malware, and Reverse Engineering
  12. Windows Phone Forensics
  13. Parsing Third-Party Application Files
