Forensic methods used to extract third-party application data
Almost all commercial tools will attempt to support the extraction of third-party applications. We recommend that you test your tools thoroughly and often if you rely on tool output for your investigative results. This is because the apps are updated so frequently that it is nearly impossible for the tools to not miss something. You must learn the applications, how they work, and how the devices store the data for each. We strongly recommend that you use your tool to triage the case and then dive into the data to manually extract anything that the tools miss. Make sure that you only include factual data in your forensic report and not everything that the tools parses. The tools cannot ...
Get Practical Mobile Forensics - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.