Forensic methods used to extract third-party application data

Almost all commercial tools will attempt to support the extraction of third-party applications. We recommend that you test your tools thoroughly and often if you rely on tool output for your investigative results. This is because the apps are updated so frequently that it is nearly impossible for the tools to not miss something. You must learn the applications, how they work, and how the devices store the data for each. We strongly recommend that you use your tool to triage the case and then dive into the data to manually extract anything that the tools miss. Make sure that you only include factual data in your forensic report and not everything that the tools parses. The tools cannot ...

Get Practical Mobile Forensics - Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.