Last updated: 2021-06-30 19:33:58
coverpage
Title Page
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the authors
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Introduction to Mobile Forensics
Why do we need mobile forensics?
Mobile forensics
Challenges in mobile forensics
The mobile phone evidence extraction process
The evidence intake phase
The identification phase
The legal authority
The goals of the examination
The make, model, and identifying information for the device
Removable and external data storage
Other sources of potential evidence
The preparation phase
The isolation phase
The processing phase
The verification phase
Comparing extracted data to the handset data
Using multiple tools and comparing the results
Using hash values
The documenting and reporting phase
The presentation phase
The archiving phase
Practical mobile forensic approaches
Overview of mobile operating systems
Android
iOS
Windows Phone
Mobile forensic tool leveling system
Manual extraction
Logical extraction
Hex dump
Chip-off
Micro read
Data acquisition methods
Physical acquisition
Logical acquisition
Manual acquisition
Potential evidence stored on mobile phones
Examination and analysis
Rules of evidence
Good forensic practices
Securing the evidence
Preserving the evidence
Documenting the evidence and changes
Reporting
Summary
Understanding the Internals of iOS Devices
iPhone models
Identifying the correct hardware model
iPhone hardware
iPad models
Understanding the iPad hardware
Apple Watch models
Understanding the Apple Watch hardware
The filesystem
The HFS Plus filesystem
The HFS Plus volume
The APFS filesystem
The APFS structure
Disk layout
iPhone operating system
The iOS architecture
iOS security
Passcodes, Touch ID, and Face ID
Code Signing
Sandboxing
Encryption
Data protection
Address Space Layout Randomization
Privilege separation
Stack-smashing protection
Data execution prevention
Data wipe
Activation Lock
The App Store
Jailbreaking
Data Acquisition from iOS Devices
Operating modes of iOS devices
The normal mode
The recovery mode
DFU mode
Setting up the forensic environment