iPhone forensics
""This book is a must for anyone attempting to examine the iPhone. The level of forensic detail is excellent. If only all guides to forensics were written with this clarity!""-Andrew Sheldon, Director of Evidence Talks, computer forensics experts With iPhone use increasing in b...
| Main Author: | |
|---|---|
| Format: | eBook |
| Language: | Inglés |
| Published: |
Sebastopol :
O'Reilly
2008.
|
| Edition: | First edition |
| Subjects: | |
| See on Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627295206719 |
Table of Contents:
- iPhone Forensics; Preface; Acknowledgments; Organization of the Material; Conventions Used in This Book; Using Code Examples; Legal Disclaimer; Safari® Books Online; We'd Like to Hear from You; 1. Introduction to Computer Forensics; Rules of Evidence; Good Forensic Practices; Document the Evidence; Document All Changes; Establish an Investigation Checklist; Be Detailed; Technical Processes; 2. Understanding the iPhone; Equipment You'll Need; Determining the Firmware Version; Disk Layout; Communication; Upgrading the iPhone Firmware; Restore Mode and Integrity of Evidence
- Cross-Contamination and Syncing3. Accessing the iPhone; Windows (iLiberty+ v1.3.0.113); Step 2: Dock the iPhone and Launch iTunes; Step 3: Launch iLiberty+ and Verify Connectivity; Mac OS X; Windows; Step 4: Activate the Forensic Toolkit Payload; Windows; Step 5: Install the Payload; Windows; It's stuck!; What to watch for; Circumventing Passcode Protection (Firmware v1.0.2-1.1.4); Manual Bypass; Step 2: Enter recovery mode; Step 3: Upload and boot the custom bypass RAM disk; Installing the Recovery Toolkit (Firmware v2.x); Step 2: Use Xpwn to Customize the Stage 1 Firmware
- Step 3: Use Xpwn to Customize the Stage 2 FirmwareStep 4: Install the Staged Firmware Bundles; Removing the Forensic Recovery Toolkit; 4. Forensic Recovery; Creating an Ad-Hoc Network; Windows; SSH to the iPhone; Recovering the Media Partition; Windows; Tools Needed; MD5 Digests; Unencrypted Recovery; Windows; Sending the data; Encrypted Recovery of the Media Partition; Making Commercial Tools Compatible; Data Carving Using Foremost/Scalpel; Voicemail messages; Property lists; SQLite databases; Email; Web pages; Other files; PGP blocks; Images; Building Rules; Scanning with Foremost/Scalpel
- Validating Images with ImageMagickStrings Dump; Windows; The Takeaway; 5. Electronic Discovery; Mounting the Disk Image; Windows and HFSExplorer; Graphical File Navigation; Extracting Image Geotags with Exifprobe; SQLite Databases; SQLite Built-in Commands; Issuing SQL Queries; Important Database Files; Address Book Images; Google Maps Data; Calendar Events; Call History; Email Database; Notes; SMS Messages; Voicemail; Property Lists; Windows; Important Property List Files; Other Important Files; 6. Desktop Trace; Serial Number Records; Windows XP; Windows Vista; Device Backups
- Activation Records7. Case Help; Data Carving; Strings Dumps; Employee Destroyed Important Data; Seized iPhone: Whose Is It and Where Is He?; What?; When and Where?; How Can I Be Sure?; A. Disclosures and Source Code; Installation Record (Disclosure); Technical Procedure; Source Code Examples; Index; Colophon
