iOS Forensics for Investigators: Take mobile forensics to the next level by analyzing, extracting, and reporting sensitive evidence
內容描述
Extract crucial data and lead successful criminal investigations by infiltrating every level of iOS devices
Key Features
- Explore free and commercial tools for carrying out data extractions and analysis for digital forensics
- Learn to look for key artifacts, recover deleted mobile data, and investigate processed data
- Get up and running with extracting full filesystem images and jailbreak devices to gather the most data possible
Book Description
Professionals working in the mobile forensics industry will be able to put their knowledge to work with this practical guide to learning how to extract and analyze all available data from an iOS device.
This book is a comprehensive, how-to guide that leads investigators through the process of collecting mobile devices and preserving, extracting, and analyzing data, as well as building a report. Complete with step-by-step explanations of essential concepts, practical examples, and self-assessment questions, this book starts by covering the fundamentals of mobile forensics and how to overcome challenges in extracting data from iOS devices. Once you've walked through the basics of iOS, you'll learn how to use commercial tools to extract and process data and manually search for artifacts stored in database files. Next, you'll find out the correct workflows for handling iOS devices and understand how to extract valuable information to track device usage. You'll also get to grips with analyzing key artifacts, such as browser history, the pattern of life data, location data, and social network forensics.
By the end of this book, you'll be able to establish a proper workflow for handling iOS devices, extracting all available data, and analyzing it to gather precious insights that can be reported as prosecutable evidence.
What you will learn - Become familiar with the mobile forensics workflow
- Understand how to legally seize iOS devices and preserve their data
- Extract evidence through logical and filesystem acquisitions
- Perform a deep-dive analysis of user data and system data
- Gain insights by analyzing third-party applications
- Get to grips with gathering evidence stored on iCloud
Who this book is for
Forensic analysts and investigators interested in extending their skills to extract data from iOS devices, including system logs, device usage, and third-party application data, will find this book useful. Anyone familiar with the principles of digital forensics and looking to expand their knowledge base in deep iOS examinations will also benefit from this book.
Knowledge of mobile forensic principles, data extraction, Unix/Linux terminal, and some hands-on understanding of databases and SQL query language is assumed.
目錄大綱
- Introducing iOS Forensics
- Data Acquisition from iOS Devices
- Using Forensic Tools
- Working with Common iOS Artifacts
- Pattern-of-Life Forensics
- Dissecting Location Data
- Analyzing Connectivity Data
- Email and Messaging Forensics
- Photo, Video, and Audio Forensics
- Analyzing Third-party Apps
- Locked Devices, iTunes Backups, and iCloud Forensics
- Writing a Forensic Report and Building a Timeline
作者介紹
Gianluca Tiepolo is a cybersecurity researcher who specializes in mobile forensics and incident response. He holds a BSc degree in Computer Science and an MSc in Information Security, as well as several security-related certifications.
Over the past 12 years, he has performed security monitoring, threat hunting, incident response, and intelligence analysis as a consultant for dozens of organizations, including several Fortune 100 companies. Gianluca is also the co-founder of the startup Sixth Sense Solutions, which developed AI-based anti-fraud solutions. Today, Gianluca works as a Security Delivery Team Lead for consulting firm Accenture Security.
In 2016, he authored the book Getting Started with RethinkDB, published by Packt Publishing.