January 2018
Beginner to intermediate
402 pages
10h 6m
English
book
Practical Mobile Forensics - Third Edition
by Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty
Content preview from Practical Mobile Forensics - Third Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Preserving the evidence
As evidence is collected, it must be preserved in a state that is acceptable in court. Working directly on the original copies of evidence might alter it. So, as soon as you recover a raw disk image or files, create a read-only master copy and duplicate it. In order for evidence to be admissible, there must be a method to verify that the evidence presented is exactly the same as the original collected. This can be accomplished by creating a forensic hash value of the image. A forensic hash is used to ensure the integrity of an acquisition by calculating a cryptographically strong and non-reversible value of the image/data. After duplicating the raw disk image or files, compute and verify the hash values for the original ...