更新时间:2021-07-08 11:45:12
封面
版权页
Credits
Foreword
About the Authors
About the Reviewer
www.PacktPub.com
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Chapter 1. Introducing Mobile Forensics
Why we need mobile forensics
Available information
Stages of mobile forensics
Summary
Chapter 2. Acquisition Methods Overview
Over-the-air acquisition
Logical acquisition (backup analysis)
Physical acquisition
JTAG
Chip-off
In-system programming
Chapter 3. Acquisition – Approaching Android Devices
Android platform fragmentation
AOSP GMS and their forensic implications
Chapter 4. Practical Steps to Android Acquisition
Android physical acquisition
Approaching physical acquisition
Live imaging
Google Account acquisition – over-the-air
Chapter 5. iOS – Introduction and Physical Acquisition
iOS forensics – introduction
Tutorial – physical acquisition with Elcomsoft iOS Forensic Toolkit
Chapter 6. iOS Logical and Cloud Acquisition
Understanding backups - local cloud encrypted and unencrypted
Encrypted versus unencrypted iTunes backups
Breaking backup passwords
A fast CPU and a faster video card
Knowing the user helps breaking the password
Tutorial - logical acquisition with Elcomsoft Phone Breaker
Elcomsoft Phone Breaker on a Mac inside a virtual PC or via RDP
iOS Cloud forensics - over-the-air acquisition
Tutorial - cloud acquisition with Elcomsoft Phone Breaker
Downloading iCloud/iCloud Drive backups - using authentication tokens
Extracting authentication tokens
Two-factor authentication
What next?
Chapter 7. Acquisition – Approaching Windows Phone and Windows 10 Mobile
Windows Phone security model
Windows Phone physical acquisition
JTAG forensics on Windows Phone 8.x and Windows 10 Mobile
Windows Phone 8/8.1 and Windows 10 Mobile cloud forensics
Acquiring Windows Phone backups over the air
Chapter 8. Acquisition – Approaching Windows 8 8.1 10 and RT Tablets
Windows 8 8.1 10 and RT on portable touchscreen devices
Acquisition of Windows tablets
Imaging Built-in eMMC Storage
Booting Windows tablets from recovery media
Acquiring a BitLocker encryption key
Imaging Windows RT tablets
Cloud Acquisition
Chapter 9. Acquisition – Approaching BlackBerry
The history of the BlackBerry OS - BlackBerry 1.0-7.1
Acquiring BlackBerry 10
Analyzing BlackBerry backups
Chapter 10. Dealing with Issues Obstacles and Special Cases
Cloud acquisition and two-factor authentication
Unallocated space
Accessing destroyed evidence in different mobile platforms
Windows Phone 8 and 8.1 – possible for end-user devices with limitations
Windows RT Windows 8/8.1 and Windows 10
eMMC and deleted data
SD cards
SQLite databases (access to call logs browsing history and many more)
Chapter 11. Mobile Forensic Tools and Case Studies
Cellebrite
Micro Systemation AB
AccessData
Oxygen Forensic toolkit
Magnet ACQUIRE
BlackBag Mobilyze
ElcomSoft tools
Case studies
BlackBerry scenarios
