Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition
by Lee Reiber
Cover
Title Page
Copyright Page
Dedication
About the Author
Contents at a Glance
Contents
Introduction
Chapter 1 Introduction to the World of Mobile Device Forensics
A Brief History of the Mobile Device
Martin Cooper
Size Evolution
Data Evolution
Storage Evolution
Mobile Device Data: The Relevance Today
Mobile Devices in the Media
The Overuse of the Word “Forensic”
Write Blockers and Mobile Devices
Mobile Device Technology and Mobile Forensics
From Data Transfer to Data Forensics
Processes and Procedures
Examination Awareness and Progression
Data Storage Points
Mobile Technology Terminology and Acronyms
Mobile Device
SIM and UICC
Media Storage Cards
Mobile Device Backups
Educational Resources
Phone Scoop
GSMArena
Forums
Preparing for Your Journey
Chapter Summary
Chapter 2 Mobile Devices vs. Computer Devices in the World of Forensics
Computer Forensics Defined
International Association of Computer Investigative Specialists (IACIS)
International Society of Forensic Computer Examiners (ISFCE)
Applying Forensic Processes and Procedures
Seizure
Collection
Analysis/Examination
Presentation
Approach to Mobile Device Forensics
NIST and Mobile Forensics
Process and Procedure
Standard Operating Procedure Document
Purpose and Scope
Definitions
Equipment/Materials
General Information
Procedure
References/Documents
Successful SOP Creation and Execution
Creation of a Workflow
Specialty Mobile Forensic Units
Forensic Software
Common Misconceptions
Seasoned Computer Forensics Examiners’ Misconceptions
First Responders’ Misconceptions
Chapter Summary
Chapter 3 New Era of Digital Devices: IoT, Infotainment, Wearables, and Drones
IoT Devices
Categories of Connected Devices
Common Consumer Types
Amazon Alexa
Google Home
Infotainment Systems
Obtaining Data from Vehicles
Wearables
Classification of Wearable Devices
Unmanned Aircraft Systems
Privacy
Crashes
Airspace
Restricted Areas
Smuggling
Obtaining Evidence from Drones
Chapter Summary
Chapter 4 Living in the Cloud: The Place to Hide and Store Mobile Data
Clouds and Mobile Devices
What Does This Mean to Investigators?
Accessing the Cloud
Date Ranges and Types of Records
Notifications
Security
Methods of Bypassing Cloud Services Security
Accessible Cloud Data
Cloud Tools
Oxygen Forensics Cloud Extractor
Cellebrite UFED Cloud Analyzer
Magnet AXIOM Cloud
Chapter Summary
Chapter 5 Collecting Mobile Devices, USB Drives, and Storage Media at the Scene
Lawful Device Seizure
Before the Data Seizure
Fourth Amendment Rights
The Supreme Court and Mobile Device Data Seizure
Warrantless Searches
Location to Be Searched: Physical Location
Location to Be Searched: Cloud Location
Location to Be Searched: Mobile Device
Location to Be Searched: User Cloud Store
Securing the Scene
Data Volatility at the Scene
Asking the Right Questions
Examining the Scene for Evidence
USB Drives
Chargers and USB Cables
SD Cards
SIM Cards
Older Mobile Devices
Personal Computers
Once You Find It, What’s Next?
Inventory and Location
Data Collection: Where and When
Chapter Summary
Chapter 6 Preparing, Protecting, and Seizing Digital Device Evidence
Before Seizure: Understanding Mobile Device Communication
Cellular Communication
Bluetooth Communication
Wi-Fi Communication
Near Field Communication
Understanding Mobile Device Security
Apple iOS Devices
Android Devices
Windows Mobile and Windows Phone
BlackBerry Devices
Photographing the Evidence at the Scene
Tagging and Marking Evidence
Documenting the Evidence at the Scene
Mobile Device
Mobile Device Accessories
SIM Cards
Memory Cards
Dealing with Power Issues: The Device State
Bagging Sensitive Evidence
Types of Bagging Equipment
Properly Bagging Mobile Device Evidence
Transporting Mobile Device Evidence
To Storage
To the Lab
Establishing Chain of Custody
Chapter Summary
Chapter 7 Toolbox Forensics: Multiple-Tool Approach
Choosing the Right Tools
Analyzing Several Devices Collectively
Verifying and Validating Software
Using Multiple Tools to Your Advantage
Dealing with Challenges
Overcoming Challenges by Verification and Validation
Overcoming Challenges for Single- and Multiple-Tool Examinations
Chapter Summary
Chapter 8 Mobile Forensic Tool Overview
Collection Types
Logical Collection
Physical Collection
Collection Pyramid
Collection Additions
Nontraditional Tools
Traditional Tool Matrix
Tools Available
Open Source Tools
Freeware Tools
Commercial Tools
Chapter Summary
Chapter 9 Preparing the Environment for Your First Collection
Creating the Ideal System
Processor (CPU)
RAM
Input/Output (I/O)
Storage
External Storage
Operating System
Device Drivers and Multiple-Tool Environments
Understanding Drivers
Finding Mobile Device Drivers
Installing Drivers
Cleaning the Computer System of Unused Drivers and Ports
Chapter Summary
Chapter 10 Conducting a Collection of a Mobile Device: Considerations and Actions
Initial Considerations
Isolating the Device
Device Collection Type: Logical or Physical
Initial Documentation
Device
Battery
UICC
Memory Card
JTAG, ISP, or Chip-Off
Mobile Device Isolation Methods
Methods, Appliances, and Techniques for Isolating a Device
Mobile Device Processing Workflow
Feature Phone Collections
BlackBerry Collections
Windows Mobile and Windows Phone Examinations
Apple iOS Connections and Collections
Android OS Connections and Collections
Chapter Summary
Chapter 11 Analyzing SIM Cards
Smart Card Overview: SIM and UICC
SIM Card Analysis
File System UICC Structure
Network Information Data Locations
ICCID
IMSI
LOCI
FPLMN
User Data Locations
SMS
Contacts
Fixed Dialing Numbers
Call Logs
Dialing Number
Chapter Summary
Chapter 12 Analyzing Feature Phone, BlackBerry, and Windows Phone Data
Avoiding Tool Hashing Inconsistencies
Iceberg Theory
Feature Phones
Feature Phone “Tip of the Iceberg Data”
Parsing a Feature Phone File System
BlackBerry Devices
BlackBerry “Tip of the Iceberg Data”
BlackBerry Database Breakdown
BlackBerry Data Formats and Data Types
BlackBerry 10 File System
Windows Phone
Windows Phone “Tip of the Iceberg Data”
Windows Phone File System
Chapter Summary
Chapter 13 Advanced iOS Analysis
The iOS File System
iOS “Tip of the Iceberg Data”
File System Structure
App Data
App Caches
Additional File System Locations
Group Shared Data
iOS Evidentiary File Types
SQLite Databases
Property Lists
Miscellaneous iOS Files
Chapter Summary
Chapter 14 Querying SQLite and Taming the Forensic Snake
Querying the SQLite Database
What Is a SQL Query?
Building a Simple SQL Query
Automating Query Building
Analysis with Python
Python Terminology
Using Python Scripts
Hashing a Directory of Files
Using Regular Expressions
Chapter Summary
Chapter 15 Advanced Android Analysis
Android Device Information
Partitions
The File System
Predominant Android File Types
Artifacts
“Tip of the Iceberg Data”
Additional File System Locations
/data Folder
File Interrogation
Scripts
Android App Files and Malware
Analysis Levels
Chapter Summary
Chapter 16 Advanced Device Analysis: IoT, Wearables, and Drones
“Tip of the Iceberg Data”
Smart Home Devices
Google Home
Alexa
Wearable Devices
Apple Watch
Fitbit
Unmanned Aircraft Systems
Mobile App: DJI GO
Physical Acquisition
Media Card
Cloud Services
Chapter Summary
Chapter 17 Presenting the Data as a Mobile Forensics Expert
Presenting the Data
The Importance of Taking Notes
The Audience
Format of the Examiner’s Presentation
Why Being Technical Is Not Always Best
What Data to Include in the Report
To Include or Not to Include
Becoming a Mobile Forensic Device Expert
Importance of a Complete Collection
Conforming to Current Expectations May Not Be the Best Approach
Additional Suggestions and Advice
Chapter Summary
Index