Learning iOS Forensics

Packt Publishing Limited
  • 1. Auflage
  • |
  • erschienen am 10. März 2015
  • |
  • 220 Seiten
E-Book | ePUB mit Adobe DRM | Systemvoraussetzungen
978-1-78355-352-5 (ISBN)
Mobile device forensics relates to the recovery of data from a mobile device. It has an impact on many different situations including criminal investigations and intelligence gathering. iOS devices, with their wide range of functionality and usability, have become one of the mobile market leaders. Millions of people often depend on iOS devices for storing sensitive information, leading to a rise in cybercrime. This has increased the need to successfully retrieve this information from these devices if stolen or lost.Learning iOS Forensics will give you an insight into the forensics activities you can perform on iOS devices. You will begin with simple concepts such as identifying the specific iOS device and the operating system version and then move on to complex topics such as analyzing the different recognized techniques to acquire the content of the device. Throughout the journey, you will gain knowledge of the best way to extract most of the information by eventually bypassing the protection passcode. After that, you, the examiner, will be taken through steps to analyze the data. The book will give you an overview of how to analyze malicious applications created to steal user credentials and data.
  • Englisch
  • Olton Birmingham
  • |
  • Großbritannien
978-1-78355-352-5 (9781783553525)
1783553529 (1783553529)
weitere Ausgaben werden ermittelt
Mattia Epifani (@mattiaep) is the CEO at Reality Net-System Solutions, an Italian consulting company involved in InfoSec and digital forensics. He works as a digital forensics analyst for judges, prosecutors, lawyers, and private companies. He is a court witness and digital forensics expert.
He obtained a university degree in computer science in Genoa, Italy, and a master's degree in computer forensics and digital investigations in Milan. Over the last few years, he obtained several certifications in digital forensics and ethical hacking (GCFA, GREM, GMOB, CIFI, CEH, CHFI, ACE, AME, ECCE, CCE, and MPSC) and attended several SANS classes (computer forensics and incident response, Windows memory forensics, mobile device security and ethical hacking, reverse engineering malware, and network forensics analysis).
He speaks regularly on digital forensics in different Italian and European universities (Genova, Milano, Roma, Bolzano, Pescara, Salerno, Campobasso, Camerino, Pavia, Savona, Catania, Lugano, Como, and Modena e Reggio Emilia) and events (Security Summit, IISFA Forum, SANS European Digital Forensics Summit, Cybercrime Conference Sibiu, Athens Cybercrime Conference, and DFA Open Day). He is a member of CLUSIT, DFA, IISFA, ONIF, and Tech and Law Center and the author of various articles on scientific publications about digital forensics. More information is available on his LinkedIn profile (http://www.linkedin.com/in/mattiaepifani). Pasquale Stirparo (@pstirparo) is currently working as a Senior Information Security and Incident Response Engineer at a Fortune 500 company. Prior to this, he founded SefirTech, an Italian company focusing on mobile security, digital forensics, and incident response. Pasquale has also worked at the Joint Research Centre (JRC) of European Commission as a digital forensics and mobile security researcher, focusing mainly on security and privacy issues related to mobile devices communication protocols, mobile applications, mobile malware, and cybercrime. He was also involved in the standardization of digital forensics as a contributor (the first from Italy) to the development of the standard ISO/IEC 27037: Guidelines for identification, collection and/or acquisition and preservation of digital evidence, for which he led the WG ISO27037 for the Italian National Body in 2010.
The author of many scientific publications, Pasquale has also been a speaker at several national and international conferences and seminars on digital forensics and a lecturer on the same subject for Polytechnic of Milano and United Nations (UNICRI). Pasquale is a Ph.D candidate at Royal Institute of Technology (KTH), Stockholm. He holds an MSc in computer engineering from Polytechnic of Torino, and he has GCFA, GREM, OPST, OWSE, and ECCE certifications and is a member of DFA, Tech and Law Center, and ONIF. You can find his details on LinkedIn at https://www.linkedin.com/in/pasqualestirparo.
  • Intro
  • Learning iOS Forensics
  • Table of Contents
  • Learning iOS Forensics
  • Credits
  • About the Author
  • Acknowledgments
  • About the Author
  • Acknowledgments
  • About the Reviewers
  • www.PacktPub.com
  • Support files, eBooks, discount offers, and more
  • Why subscribe?
  • Free access for Packt account holders
  • Preface
  • What this book covers
  • What you need for this book
  • Who this book is for
  • Conventions
  • Reader feedback
  • Customer support
  • Downloading the color images of this book
  • Errata
  • Piracy
  • Questions
  • 1. Digital and Mobile Forensics
  • Digital forensics
  • Mobile forensics
  • Digital evidence
  • Identification, collection, and preservation of evidence
  • Chain of custody
  • Going operational - from acquisition to reporting
  • Evidence integrity
  • SIM cards
  • SIM security
  • Summary
  • Self-test questions
  • 2. Introduction to iOS Devices
  • iOS devices
  • iPhone
  • iPhone (first model)
  • iPhone 3G
  • iPhone 3GS
  • iPhone 4
  • iPhone 4s
  • iPhone 5
  • iPhone 5c
  • iPhone 5s
  • iPhone 6
  • iPhone 6 Plus
  • iPad
  • iPad (first model)
  • iPad 2
  • iPad 3 (the new iPad)
  • iPad 4 (with Retina display)
  • iPad Air
  • iPad mini
  • iPad mini second generation
  • iPad mini third generation
  • iPod touch
  • iPod touch (first model)
  • iPod touch (second generation)
  • iPod touch (third generation)
  • iPod touch (fourth generation)
  • iPod touch (fifth generation)
  • iOS devices matrix
  • iOS operating system
  • iDevice identification
  • iOS file system
  • The HFS+ file system
  • Device partitions
  • System partition
  • Data partition
  • The property list file
  • SQLite database
  • Summary
  • Self-test questions
  • 3. Evidence Acquisition from iDevices
  • iOS boot process and operating modes
  • iOS data security
  • Hardware security features
  • File data protection
  • Unique device identifier
  • Case study - UDID calculation on iPhone 4s
  • Lockdown certificate
  • Search and seizure
  • iOS device acquisition
  • Direct acquisition
  • Backup or logical acquisition
  • Acquisition with iTunes backup
  • Logical acquisition with forensic tools
  • Case study - logical acquisition with Oxygen Forensic® Suite
  • Advanced logical acquisition
  • Case study - advanced logical acquisition with UFED Physical Analyzer
  • Physical acquisition with forensic tools
  • Case study - physical acquisition with UFED Physical Analyzer
  • The iOS device jailbreaking
  • Case study - jailbreaking and physical acquisition with Elcomsoft iOS Forensic Toolkit
  • Apple support for law enforcement
  • Search and seizure flowchart
  • Extraction flowchart
  • Summary
  • Self-test questions
  • 4. Analyzing iOS Devices
  • How data are stored
  • Timestamps
  • Databases
  • The property list files
  • The iOS configuration files
  • Native iOS apps
  • Address book
  • Audio recordings
  • Calendar
  • Call history
  • E-mail
  • Images
  • Maps
  • Notes
  • Safari
  • SMS/iMessage
  • Voicemail
  • Other iOS forensics traces
  • Clipboard
  • Keyboard
  • Location
  • Snapshots
  • Spotlight
  • Wallpaper
  • Third-party application analysis
  • Skype
  • WhatsApp
  • Facebook
  • Cloud storage applications
  • Dropbox
  • Google Drive
  • Deleted data recovery
  • File carving - is it feasible?
  • Carving SQLite deleted records
  • Case study - iOS analysis with Oxygen Forensics Suite 2014
  • Summary
  • Self-test questions
  • 5. Evidence Acquisition and Analysis from iTunes Backup
  • iTunes backup
  • iTunes backup folders
  • iTunes backup content
  • iTunes backup structure
  • Standard backup files
  • iTunes backup data extraction
  • Case study - iTunes backup analysis with iPBA
  • Encrypted iTunes backup cracking
  • Case study - iTunes encrypted backup cracking with EPPB
  • Summary
  • Self-test questions
  • 6. Evidence Acquisition and Analysis from iCloud
  • iCloud
  • iDevice backup on iCloud
  • iDevice backup acquisition
  • Case study - iDevice backup acquisition and EPPB with usernames and passwords
  • Case study - iDevice backup acquisition and EPPB with authentication token
  • Case study - iDevice backup acquisition with iLoot
  • iCloud Control Panel artifacts on the computer
  • Summary
  • Self-test questions
  • 7. Applications and Malware Analysis
  • Setting up the environment
  • The class-dump-z tool
  • Keychain Dumper
  • dumpDecrypted
  • Application analysis
  • Data at rest
  • Data in use
  • Data in transit
  • Automating the analysis
  • The iOS Reverse Engineering Toolkit
  • idb
  • Summary
  • Self-test questions
  • A. References
  • Publications freely available
  • Tools, manuals, and reports
  • Apple's official documentation
  • Device security and data protection
  • Device hardening
  • iTunes backup
  • iCloud Backup
  • Application data analysis
  • Related books
  • B. Tools for iOS Forensics
  • Acquisition tools
  • iDevice browsing tools and other nonforensic tools
  • iDevice backup analyzer
  • iDevice encrypted backup
  • iCloud Backup
  • Jailbreaking tools
  • iOS 8
  • iOS 7
  • iOS 6
  • Data analysis
  • Forensic toolkit
  • SQLite viewer
  • SQLite record carver
  • Plist viewer
  • iOS analysis suite
  • App analysis tools
  • Consolidated.db
  • App reverse engineering tools
  • C. Self-test Answers
  • Chapter 1: Digital and Mobile Forensics
  • Chapter 2: Introduction to iOS Devices
  • Chapter 3: Evidence Acquisition from iDevices
  • Chapter 4: Analyzing iOS Devices
  • Chapter 5: Evidence Acquisition and Analysis from iTunes Backup
  • Chapter 6: Evidence Acquisition and Analysis from iCloud
  • Chapter 7: Applications and Malware Analysis
  • Index

Dateiformat: EPUB
Kopierschutz: Adobe-DRM (Digital Rights Management)


Computer (Windows; MacOS X; Linux): Installieren Sie bereits vor dem Download die kostenlose Software Adobe Digital Editions (siehe E-Book Hilfe).

Tablet/Smartphone (Android; iOS): Installieren Sie bereits vor dem Download die kostenlose App Adobe Digital Editions (siehe E-Book Hilfe).

E-Book-Reader: Bookeen, Kobo, Pocketbook, Sony, Tolino u.v.a.m. (nicht Kindle)

Das Dateiformat EPUB ist sehr gut für Romane und Sachbücher geeignet - also für "fließenden" Text ohne komplexes Layout. Bei E-Readern oder Smartphones passt sich der Zeilen- und Seitenumbruch automatisch den kleinen Displays an. Mit Adobe-DRM wird hier ein "harter" Kopierschutz verwendet. Wenn die notwendigen Voraussetzungen nicht vorliegen, können Sie das E-Book leider nicht öffnen. Daher müssen Sie bereits vor dem Download Ihre Lese-Hardware vorbereiten.

Weitere Informationen finden Sie in unserer E-Book Hilfe.

Download (sofort verfügbar)

31,17 €
inkl. 19% MwSt.
Download / Einzel-Lizenz
ePUB mit Adobe DRM
siehe Systemvoraussetzungen
E-Book bestellen

Unsere Web-Seiten verwenden Cookies. Mit der Nutzung dieser Web-Seiten erklären Sie sich damit einverstanden. Mehr Informationen finden Sie in unserem Datenschutzhinweis. Ok