Introduction

Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition, is a comprehensive, how-to guide that leads investigators through the process of collecting mobile devices, cloud sources, IoT devices, wearables, and UASs, then moves to analyzing the collected data and disseminating their findings. This book was created from the many questions received during training courses, lectures, research, and interviews over many years and a desire to impart the answers to new, seasoned, and advanced digital forensic examiners.

Until now, no direction or guidance has been available to students and practitioners other than a few manuscripts and many vendor-specific training courses. Unfortunately, examiners have been left to figure out mobile forensic procedures and techniques for themselves, and often, at least in the digital forensic circles, mobile forensics can still be referred to as the “Wild West” of digital forensics—just point and click. Now with the world of IoT, wearables, vehicle systems, and drones, a new digital field has emerged, but the same problems persist. By trusting only in automated tools, most examiners today do not fully understand the methods and processes used, so this term often fits. It is the goal of this book to change this mentality and move the examination of a mobile device into today’s required standards.

This book is intended not only to educate new students coming into the field or those looking for a career in mobile forensics but also to inform examiners who have been conducting mobile forensics for years. It helps both student and examiner understand what constitutes processes and procedures, how to formulate an examination, how to identify the evidence, and how to collect the various devices, and it culminates with advanced tools and methods the examiner can use to uncover data that most tools forget.

This book can be read from cover to cover, but it can also be used to consult individual chapters during an examination. With the many tables and figures outlining mobile device file systems, targeted files, and digital gold, the student and examiner can use Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition, for reference during many examinations.

The first two chapters help expose the reader to the world of mobile forensics and clearly define the differences and similarities between mobile forensics and computer forensics. Chapters 3 and 4 bring in new concepts with IoT devices, infotainment, wearables, UAS, and cloud stores—the new frontier. Chapters 5 and 6 outline the steps an examiner should take when coming into contact with mobile device evidence, including how to handle the evidence, and include information on the types of mobile forensic tools and the multitool approach. Chapters 7 through 10 begin the exploration into the first examination by setting up the collection environment and defining what problems can be encountered, along with ways to fix them for both collections and data analysis. Chapters 11 through 16 are all about the data. This includes determining what type of data should be expected within the various mobile device file systems, IoT devices, wearables, UAS, and cloud stores. More importantly these chapters speak to what type of data should be expected in a standard collection versus an advanced collection and how to decipher and decode advanced data from iOS, Android, Windows Mobile, and BlackBerry devices. Chapter 17 discusses how to present the data and how to become a mobile forensic device expert. This chapter explains that without proper documentation detailing the process from collection to analysis, the recovered evidence is often confusing and could be inadmissible.

A student or an examiner in mobile forensics must be prepared for tomorrow today. Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition, provides a tremendous start.