book

Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition, 2nd Edition

Name: Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition, 2nd Edition
Author: Lee Reiber
ISBN: 9781260135107

by Lee Reiber

December 2018

Intermediate to advanced

560 pages

18h 56m

English

McGraw-Hill

Read now

Unlock full access

Cover
Title Page
Copyright Page
Dedication
About the Author
Contents at a Glance
Contents
Introduction
Chapter 1 Introduction to the World of Mobile Device Forensics
A Brief History of the Mobile DeviceMartin CooperSize EvolutionData EvolutionStorage EvolutionMobile Device Data: The Relevance TodayMobile Devices in the MediaThe Overuse of the Word “Forensic”Write Blockers and Mobile DevicesMobile Device Technology and Mobile ForensicsFrom Data Transfer to Data ForensicsProcesses and ProceduresExamination Awareness and ProgressionData Storage PointsMobile Technology Terminology and AcronymsMobile DeviceSIM and UICCMedia Storage CardsMobile Device BackupsEducational ResourcesPhone ScoopGSMArenaForumsPreparing for Your JourneyChapter Summary
Chapter 2 Mobile Devices vs. Computer Devices in the World of Forensics
Computer Forensics DefinedInternational Association of Computer Investigative Specialists (IACIS)International Society of Forensic Computer Examiners (ISFCE)Applying Forensic Processes and ProceduresSeizureCollectionAnalysis/ExaminationPresentationApproach to Mobile Device ForensicsNIST and Mobile ForensicsProcess and ProcedureStandard Operating Procedure DocumentPurpose and ScopeDefinitionsEquipment/MaterialsGeneral InformationProcedureReferences/DocumentsSuccessful SOP Creation and ExecutionCreation of a WorkflowSpecialty Mobile Forensic UnitsForensic SoftwareCommon MisconceptionsSeasoned Computer Forensics Examiners’ MisconceptionsFirst Responders’ MisconceptionsChapter Summary

Chapter 3 New Era of Digital Devices: IoT, Infotainment, Wearables, and Drones
IoT DevicesCategories of Connected DevicesCommon Consumer TypesAmazon AlexaGoogle HomeInfotainment SystemsObtaining Data from VehiclesWearablesClassification of Wearable DevicesUnmanned Aircraft SystemsPrivacyCrashesAirspaceRestricted AreasSmugglingObtaining Evidence from DronesChapter Summary
Chapter 4 Living in the Cloud: The Place to Hide and Store Mobile Data
Clouds and Mobile DevicesWhat Does This Mean to Investigators?Accessing the CloudDate Ranges and Types of RecordsNotificationsSecurityMethods of Bypassing Cloud Services SecurityAccessible Cloud DataCloud ToolsOxygen Forensics Cloud ExtractorCellebrite UFED Cloud AnalyzerMagnet AXIOM CloudChapter Summary
Chapter 5 Collecting Mobile Devices, USB Drives, and Storage Media at the Scene
Lawful Device SeizureBefore the Data SeizureFourth Amendment RightsThe Supreme Court and Mobile Device Data SeizureWarrantless SearchesLocation to Be Searched: Physical LocationLocation to Be Searched: Cloud LocationLocation to Be Searched: Mobile DeviceLocation to Be Searched: User Cloud StoreSecuring the SceneData Volatility at the SceneAsking the Right QuestionsExamining the Scene for EvidenceUSB DrivesChargers and USB CablesSD CardsSIM CardsOlder Mobile DevicesPersonal ComputersOnce You Find It, What’s Next?Inventory and LocationData Collection: Where and WhenChapter Summary
Chapter 6 Preparing, Protecting, and Seizing Digital Device Evidence
Before Seizure: Understanding Mobile Device CommunicationCellular CommunicationBluetooth CommunicationWi-Fi CommunicationNear Field CommunicationUnderstanding Mobile Device SecurityApple iOS DevicesAndroid DevicesWindows Mobile and Windows PhoneBlackBerry DevicesPhotographing the Evidence at the SceneTagging and Marking EvidenceDocumenting the Evidence at the SceneMobile DeviceMobile Device AccessoriesSIM CardsMemory CardsDealing with Power Issues: The Device StateBagging Sensitive EvidenceTypes of Bagging EquipmentProperly Bagging Mobile Device EvidenceTransporting Mobile Device EvidenceTo StorageTo the LabEstablishing Chain of CustodyChapter Summary
Chapter 7 Toolbox Forensics: Multiple-Tool Approach
Choosing the Right ToolsAnalyzing Several Devices CollectivelyVerifying and Validating SoftwareUsing Multiple Tools to Your AdvantageDealing with ChallengesOvercoming Challenges by Verification and ValidationOvercoming Challenges for Single- and Multiple-Tool ExaminationsChapter Summary
Chapter 8 Mobile Forensic Tool Overview
Collection TypesLogical CollectionPhysical CollectionCollection PyramidCollection AdditionsNontraditional ToolsTraditional Tool MatrixTools AvailableOpen Source ToolsFreeware ToolsCommercial ToolsChapter Summary
Chapter 9 Preparing the Environment for Your First Collection
Creating the Ideal SystemProcessor (CPU)RAMInput/Output (I/O)StorageExternal StorageOperating SystemDevice Drivers and Multiple-Tool EnvironmentsUnderstanding DriversFinding Mobile Device DriversInstalling DriversCleaning the Computer System of Unused Drivers and PortsChapter Summary
Chapter 10 Conducting a Collection of a Mobile Device: Considerations and Actions
Initial ConsiderationsIsolating the DeviceDevice Collection Type: Logical or PhysicalInitial DocumentationDeviceBatteryUICCMemory CardJTAG, ISP, or Chip-OffMobile Device Isolation MethodsMethods, Appliances, and Techniques for Isolating a DeviceMobile Device Processing WorkflowFeature Phone CollectionsBlackBerry CollectionsWindows Mobile and Windows Phone ExaminationsApple iOS Connections and CollectionsAndroid OS Connections and CollectionsChapter Summary
Chapter 11 Analyzing SIM Cards
Smart Card Overview: SIM and UICCSIM Card AnalysisFile System UICC StructureNetwork Information Data LocationsICCIDIMSILOCIFPLMNUser Data LocationsSMSContactsFixed Dialing NumbersCall LogsDialing NumberChapter Summary
Chapter 12 Analyzing Feature Phone, BlackBerry, and Windows Phone Data
Avoiding Tool Hashing InconsistenciesIceberg TheoryFeature PhonesFeature Phone “Tip of the Iceberg Data”Parsing a Feature Phone File SystemBlackBerry DevicesBlackBerry “Tip of the Iceberg Data”BlackBerry Database BreakdownBlackBerry Data Formats and Data TypesBlackBerry 10 File SystemWindows PhoneWindows Phone “Tip of the Iceberg Data”Windows Phone File SystemChapter Summary
Chapter 13 Advanced iOS Analysis
The iOS File SystemiOS “Tip of the Iceberg Data”File System StructureApp DataApp CachesAdditional File System LocationsGroup Shared DataiOS Evidentiary File TypesSQLite DatabasesProperty ListsMiscellaneous iOS FilesChapter Summary
Chapter 14 Querying SQLite and Taming the Forensic Snake
Querying the SQLite DatabaseWhat Is a SQL Query?Building a Simple SQL QueryAutomating Query BuildingAnalysis with PythonPython TerminologyUsing Python ScriptsHashing a Directory of FilesUsing Regular ExpressionsChapter Summary
Chapter 15 Advanced Android Analysis
Android Device InformationPartitionsThe File SystemPredominant Android File TypesArtifacts“Tip of the Iceberg Data”Additional File System Locations/data FolderFile InterrogationScriptsAndroid App Files and MalwareAnalysis LevelsChapter Summary
Chapter 16 Advanced Device Analysis: IoT, Wearables, and Drones
“Tip of the Iceberg Data”Smart Home DevicesGoogle HomeAlexaWearable DevicesApple WatchFitbitUnmanned Aircraft SystemsMobile App: DJI GOPhysical AcquisitionMedia CardCloud ServicesChapter Summary
Chapter 17 Presenting the Data as a Mobile Forensics Expert
Presenting the DataThe Importance of Taking NotesThe AudienceFormat of the Examiner’s PresentationWhy Being Technical Is Not Always BestWhat Data to Include in the ReportTo Include or Not to IncludeBecoming a Mobile Forensic Device ExpertImportance of a Complete CollectionConforming to Current Expectations May Not Be the Best ApproachAdditional Suggestions and AdviceChapter Summary
Index

Overview

Master the tools and techniques of mobile forensic investigations

Conduct mobile forensic investigations that are legal, ethical, and highly effective using the detailed information contained in this practical guide. Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition fully explains the latest tools and methods along with features, examples, and real-world case studies. Find out how to assemble a mobile forensics lab, collect prosecutable evidence, uncover hidden files, and lock down the chain of custody. This comprehensive resource shows not only how to collect and analyze mobile device data but also how to accurately document your investigations to deliver court-ready documents.

•Legally seize mobile devices, USB drives, SD cards, and SIM cards

•Uncover sensitive data through both physical and logical techniques

•Properly package, document, transport, and store evidence

•Work with free, open source, and commercial forensic software

•Perform a deep dive analysis of iOS, Android, and Windows Phone file systems

•Extract evidence from application, cache, and user storage files

•Extract and analyze data from IoT devices, drones, wearables, and infotainment systems

•Build SQLite queries and Python scripts for mobile device file interrogation

•Prepare reports that will hold up to judicial and defense scrutiny

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation

Publisher Resources

ISBN: 9781260135107

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills