
Practical mobile forensics : forensically investigate and analyze iOS, Android, and Windows 10 devices / Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty.

Material type: Text
Publisher: Birmingham, UK : Packt Publishing, 2020
Edition: Fourth edition
Description: viii, 385 pages : illustrations ; 24 cm
Content type:
  • txt
Media type:
  • unmediated
Carrier type:
  • volume
ISBN:
  • 9781838647520
DDC classification:
  • 005.8 TA.P 2020 23
LOC classification:
  • QA76.59
Contents:
Cover -- Title Page -- Copyright and Credits -- About Packt -- Contributors -- Table of Contents -- Preface -- Chapter 01: Introduction to Mobile Forensics -- The need for mobile forensics -- Understanding mobile forensics -- Challenges in mobile forensics -- The mobile phone evidence extraction process -- The evidence intake phase -- The identification phase -- The legal authority -- Data that needs to be extracted -- The make, model, and identifying information for the device -- Data storage media -- Other sources of potential evidence -- The preparation phase -- The isolation phase -- The processing phase -- The verification phase -- The documenting and reporting phase -- The archiving phase -- Practical mobile forensic approaches -- Understanding mobile operating systems -- Android -- iOS -- Windows Phone -- Mobile forensic tool leveling system -- Manual extraction -- Logical analysis -- Hex dump -- Chip-off -- Micro read -- Data acquisition methods -- Physical acquisition -- Logical acquisition -- Manual acquisition -- Potential evidence stored on mobile phones -- Examination and analysis -- Rules of evidence -- Good forensic practices -- Securing the evidence -- Preserving the evidence -- Documenting the evidence and changes -- Reporting -- Summary -- Section 1: iOS Forensics -- Chapter 02: Understanding the Internals of iOS Devices -- iPhone models and hardware -- Identifying the correct hardware model -- Understanding the iPhone hardware -- iPad models and hardware -- Understanding the iPad hardware -- The HFS Plus and APFS filesystems -- The HFS Plus filesystem -- The HFS Plus volume -- The APFS filesystem -- The APFS structure -- Disk layout -- The iPhone OS -- The iOS architecture -- iOS security -- Passcodes, Touch ID, and Face ID -- Code signing -- Sandboxing -- Encryption -- Data protection -- Address Space Layout Randomization (ASLR) -- Privilege separation -- Stack-smashing protection -- Data Execution Prevention (DEP) -- Data wiping -- Activation Lock -- The App Store -- Jailbreaking -- Summary -- Chapter 03: Data Acquisition from iOS Devices -- Operating modes of iOS devices -- Normal mode -- Recovery mode -- DFU mode -- Setting up the forensic environment -- Password protection and potential bypasses -- Logical acquisition -- Practical logical acquisition with libimobiledevice -- Practical logical acquisition with the Belkasoft Acquisition Tool -- Practical logical acquisition with Magnet ACQUIRE -- Filesystem acquisition -- Practical jailbreaking -- Practical filesystem acquisition with free tools -- Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit -- Summary -- Chapter 04: Data Acquisition from iOS Backups -- Working with iTunes backups -- Creating and analyzing backups with iTunes -- Understanding the backup structure -- info.plist -- manifest.plist -- status.plist -- manifest.db -- Extracting unencrypted backups -- iBackup Viewer -- iExplorer.
Summary: Become well-versed with forensics for the Android, iOS, and Windows 10 mobile platforms by learning essential techniques and exploring real-life scenarios.

Key Features:
  • Apply advanced forensic techniques to recover deleted data from mobile devices
  • Retrieve and analyze data stored not only on mobile devices but also on the cloud and other connected mediums
  • Use the power of mobile forensics on popular mobile platforms by exploring different tips, tricks, and techniques

Book Description: Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This updated fourth edition of Practical Mobile Forensics delves into the concepts of mobile forensics and its importance in today's world. The book focuses on teaching you the latest forensic techniques to investigate mobile devices across various mobile platforms. You will learn forensic techniques for multiple OS versions, including iOS 11 to iOS 13, Android 8 to Android 10, and Windows 10. The book then takes you through the latest open source and commercial mobile forensic tools, enabling you to analyze and retrieve data effectively. From inspecting the device and retrieving data from the cloud, through to successfully documenting reports of your investigations, you'll explore new techniques while building on your practical knowledge. Toward the end, you will understand the reverse engineering of applications and ways to identify malware. Finally, the book guides you through parsing popular third-party applications, including Facebook and WhatsApp. By the end of this book, you will be proficient in various mobile forensic techniques to analyze and extract data from mobile devices with the help of open source solutions.

What you will learn:
  • Discover new data extraction, data recovery, and reverse engineering techniques in mobile forensics
  • Understand iOS, Windows, and Android security mechanisms
  • Identify sensitive files on every mobile platform
  • Extract data from iOS, Android, and Windows platforms
  • Understand malware analysis, reverse engineering, and data analysis of mobile devices
  • Explore various data recovery techniques on all three mobile platforms

Who this book is for: This book is for forensic examiners with basic experience in mobile forensics or open source solutions for mobile forensics. Computer security professionals, researchers or anyone looking to gain a deeper understanding of mobile internals will also find this book useful.
Holdings
Item type | Current library | Collection | Call number | Status | Date due | Barcode
Books | The Knowledge Hub Library | Computing | 005.8 TA.P 2020 | Available | | 210058
Books | The Knowledge Hub Library | Computing | 005.8 TA.P 2020 | Available | | 210059

Includes index.
