Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition, 2nd Edition

Book description

Master the tools and techniques of mobile forensic investigations

Conduct mobile forensic investigations that are legal, ethical, and highly effective using the detailed information contained in this practical guide. Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition fully explains the latest tools and methods along with features, examples, and real-world case studies. Find out how to assemble a mobile forensics lab, collect prosecutable evidence, uncover hidden files, and lock down the chain of custody. This comprehensive resource shows not only how to collect and analyze mobile device data but also how to accurately document your investigations to deliver court-ready documents.

• Legally seize mobile devices, USB drives, SD cards, and SIM cards
• Uncover sensitive data through both physical and logical techniques
• Properly package, document, transport, and store evidence
• Work with free, open source, and commercial forensic software
• Perform a deep-dive analysis of iOS, Android, and Windows Phone file systems
• Extract evidence from application, cache, and user storage files
• Extract and analyze data from IoT devices, drones, wearables, and infotainment systems
• Build SQLite queries and Python scripts for mobile device file interrogation
• Prepare reports that will hold up to judicial and defense scrutiny

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. About the Author
  6. Contents at a Glance
  7. Contents
  8. Introduction
  9. Chapter 1 Introduction to the World of Mobile Device Forensics
    1. A Brief History of the Mobile Device
      1. Martin Cooper
      2. Size Evolution
      3. Data Evolution
      4. Storage Evolution
    2. Mobile Device Data: The Relevance Today
      1. Mobile Devices in the Media
    3. The Overuse of the Word “Forensic”
      1. Write Blockers and Mobile Devices
    4. Mobile Device Technology and Mobile Forensics
      1. From Data Transfer to Data Forensics
      2. Processes and Procedures
    5. Examination Awareness and Progression
    6. Data Storage Points
      1. Mobile Technology Terminology and Acronyms
      2. Mobile Device
      3. SIM and UICC
      4. Media Storage Cards
      5. Mobile Device Backups
    7. Educational Resources
      1. Phone Scoop
      2. GSMArena
      3. Forums
    8. Preparing for Your Journey
    9. Chapter Summary
  10. Chapter 2 Mobile Devices vs. Computer Devices in the World of Forensics
    1. Computer Forensics Defined
      1. International Association of Computer Investigative Specialists (IACIS)
      2. International Society of Forensic Computer Examiners (ISFCE)
    2. Applying Forensic Processes and Procedures
      1. Seizure
      2. Collection
      3. Analysis/Examination
      4. Presentation
    3. Approach to Mobile Device Forensics
      1. NIST and Mobile Forensics
      2. Process and Procedure
    4. Standard Operating Procedure Document
      1. Purpose and Scope
      2. Definitions
      3. Equipment/Materials
      4. General Information
      5. Procedure
      6. References/Documents
      7. Successful SOP Creation and Execution
      8. Creation of a Workflow
    5. Specialty Mobile Forensic Units
    6. Forensic Software
    7. Common Misconceptions
      1. Seasoned Computer Forensics Examiners’ Misconceptions
      2. First Responders’ Misconceptions
    8. Chapter Summary
  11. Chapter 3 New Era of Digital Devices: IoT, Infotainment, Wearables, and Drones
    1. IoT Devices
      1. Categories of Connected Devices
    2. Common Consumer Types
      1. Amazon Alexa
      2. Google Home
    3. Infotainment Systems
      1. Obtaining Data from Vehicles
    4. Wearables
      1. Classification of Wearable Devices
    5. Unmanned Aircraft Systems
      1. Privacy
      2. Crashes
      3. Airspace
      4. Restricted Areas
      5. Smuggling
      6. Obtaining Evidence from Drones
    6. Chapter Summary
  12. Chapter 4 Living in the Cloud: The Place to Hide and Store Mobile Data
    1. Clouds and Mobile Devices
      1. What Does This Mean to Investigators?
    2. Accessing the Cloud
      1. Date Ranges and Types of Records
      2. Notifications
      3. Security
      4. Methods of Bypassing Cloud Services Security
      5. Accessible Cloud Data
    3. Cloud Tools
      1. Oxygen Forensics Cloud Extractor
      2. Cellebrite UFED Cloud Analyzer
      3. Magnet AXIOM Cloud
    4. Chapter Summary
  13. Chapter 5 Collecting Mobile Devices, USB Drives, and Storage Media at the Scene
    1. Lawful Device Seizure
      1. Before the Data Seizure
    2. Fourth Amendment Rights
      1. The Supreme Court and Mobile Device Data Seizure
      2. Warrantless Searches
      3. Location to Be Searched: Physical Location
      4. Location to Be Searched: Cloud Location
      5. Location to Be Searched: Mobile Device
      6. Location to Be Searched: User Cloud Store
    3. Securing the Scene
      1. Data Volatility at the Scene
      2. Asking the Right Questions
    4. Examining the Scene for Evidence
      1. USB Drives
      2. Chargers and USB Cables
      3. SD Cards
      4. SIM Cards
      5. Older Mobile Devices
      6. Personal Computers
    5. Once You Find It, What’s Next?
      1. Inventory and Location
    6. Data Collection: Where and When
    7. Chapter Summary
  14. Chapter 6 Preparing, Protecting, and Seizing Digital Device Evidence
    1. Before Seizure: Understanding Mobile Device Communication
      1. Cellular Communication
      2. Bluetooth Communication
      3. Wi-Fi Communication
      4. Near Field Communication
    2. Understanding Mobile Device Security
      1. Apple iOS Devices
      2. Android Devices
      3. Windows Mobile and Windows Phone
      4. BlackBerry Devices
    3. Photographing the Evidence at the Scene
    4. Tagging and Marking Evidence
    5. Documenting the Evidence at the Scene
      1. Mobile Device
      2. Mobile Device Accessories
      3. SIM Cards
      4. Memory Cards
    6. Dealing with Power Issues: The Device State
    7. Bagging Sensitive Evidence
      1. Types of Bagging Equipment
      2. Properly Bagging Mobile Device Evidence
    8. Transporting Mobile Device Evidence
      1. To Storage
      2. To the Lab
    9. Establishing Chain of Custody
    10. Chapter Summary
  15. Chapter 7 Toolbox Forensics: Multiple-Tool Approach
    1. Choosing the Right Tools
      1. Analyzing Several Devices Collectively
      2. Verifying and Validating Software
      3. Using Multiple Tools to Your Advantage
    2. Dealing with Challenges
      1. Overcoming Challenges by Verification and Validation
      2. Overcoming Challenges for Single- and Multiple-Tool Examinations
    3. Chapter Summary
  16. Chapter 8 Mobile Forensic Tool Overview
    1. Collection Types
      1. Logical Collection
      2. Physical Collection
    2. Collection Pyramid
      1. Collection Additions
      2. Nontraditional Tools
    3. Traditional Tool Matrix
    4. Tools Available
      1. Open Source Tools
      2. Freeware Tools
      3. Commercial Tools
    5. Chapter Summary
  17. Chapter 9 Preparing the Environment for Your First Collection
    1. Creating the Ideal System
      1. Processor (CPU)
      2. RAM
      3. Input/Output (I/O)
      4. Storage
      5. External Storage
      6. Operating System
    2. Device Drivers and Multiple-Tool Environments
      1. Understanding Drivers
      2. Finding Mobile Device Drivers
      3. Installing Drivers
      4. Cleaning the Computer System of Unused Drivers and Ports
    3. Chapter Summary
  18. Chapter 10 Conducting a Collection of a Mobile Device: Considerations and Actions
    1. Initial Considerations
      1. Isolating the Device
      2. Device Collection Type: Logical or Physical
    2. Initial Documentation
      1. Device
      2. Battery
      3. UICC
      4. Memory Card
      5. JTAG, ISP, or Chip-Off
    3. Mobile Device Isolation Methods
      1. Methods, Appliances, and Techniques for Isolating a Device
    4. Mobile Device Processing Workflow
      1. Feature Phone Collections
      2. BlackBerry Collections
      3. Windows Mobile and Windows Phone Examinations
      4. Apple iOS Connections and Collections
      5. Android OS Connections and Collections
    5. Chapter Summary
  19. Chapter 11 Analyzing SIM Cards
    1. Smart Card Overview: SIM and UICC
      1. SIM Card Analysis
      2. File System UICC Structure
    2. Network Information Data Locations
      1. ICCID
      2. IMSI
      3. LOCI
      4. FPLMN
    3. User Data Locations
      1. SMS
      2. Contacts
      3. Fixed Dialing Numbers
      4. Call Logs
      5. Dialing Number
    4. Chapter Summary
  20. Chapter 12 Analyzing Feature Phone, BlackBerry, and Windows Phone Data
    1. Avoiding Tool Hashing Inconsistencies
    2. Iceberg Theory
    3. Feature Phones
      1. Feature Phone “Tip of the Iceberg Data”
      2. Parsing a Feature Phone File System
    4. BlackBerry Devices
      1. BlackBerry “Tip of the Iceberg Data”
      2. BlackBerry Database Breakdown
      3. BlackBerry Data Formats and Data Types
      4. BlackBerry 10 File System
    5. Windows Phone
      1. Windows Phone “Tip of the Iceberg Data”
      2. Windows Phone File System
    6. Chapter Summary
  21. Chapter 13 Advanced iOS Analysis
    1. The iOS File System
    2. iOS “Tip of the Iceberg Data”
    3. File System Structure
      1. App Data
      2. App Caches
      3. Additional File System Locations
      4. Group Shared Data
    4. iOS Evidentiary File Types
      1. SQLite Databases
      2. Property Lists
      3. Miscellaneous iOS Files
    5. Chapter Summary
  22. Chapter 14 Querying SQLite and Taming the Forensic Snake
    1. Querying the SQLite Database
      1. What Is a SQL Query?
      2. Building a Simple SQL Query
      3. Automating Query Building
    2. Analysis with Python
      1. Python Terminology
      2. Using Python Scripts
      3. Hashing a Directory of Files
      4. Using Regular Expressions
    3. Chapter Summary
  23. Chapter 15 Advanced Android Analysis
    1. Android Device Information
      1. Partitions
      2. The File System
    2. Predominant Android File Types
    3. Artifacts
    4. “Tip of the Iceberg Data”
      1. Additional File System Locations
      2. /data Folder
    5. File Interrogation
      1. Scripts
    6. Android App Files and Malware
      1. Analysis Levels
    7. Chapter Summary
  24. Chapter 16 Advanced Device Analysis: IoT, Wearables, and Drones
    1. “Tip of the Iceberg Data”
    2. Smart Home Devices
      1. Google Home
      2. Alexa
    3. Wearable Devices
      1. Apple Watch
      2. Fitbit
    4. Unmanned Aircraft Systems
      1. Mobile App: DJI GO
      2. Physical Acquisition
      3. Media Card
      4. Cloud Services
    5. Chapter Summary
  25. Chapter 17 Presenting the Data as a Mobile Forensics Expert
    1. Presenting the Data
      1. The Importance of Taking Notes
      2. The Audience
      3. Format of the Examiner’s Presentation
      4. Why Being Technical Is Not Always Best
      5. What Data to Include in the Report
      6. To Include or Not to Include
    2. Becoming a Mobile Forensic Device Expert
      1. Importance of a Complete Collection
      2. Conforming to Current Expectations May Not Be the Best Approach
      3. Additional Suggestions and Advice
    3. Chapter Summary
  26. Index

Product information

  • Title: Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition, 2nd Edition
  • Author(s): Lee Reiber
  • Release date: December 2018
  • Publisher(s): McGraw-Hill
  • ISBN: 9781260135107