What this book covers
The way this book is organized is to start with an overview of mobile forensics and what you should know about it. The first section goes over the forensic process and discusses different options to acquire data from iOS devices. The second section describes approaches and best practices to analyze the data, such as manually parsing through the artifacts. This section also covers the most popular forensic tools that are used in an examination. The final section of the book discusses how to build a timeline and best practices for the creation of a forensic report.
Chapter 1, Introducing iOS Forensics, introduces the topic of mobile forensics by describing the forensic process and the iOS operating system.
Chapter 2, Data Acquisition from iOS Devices, describes all available options to successfully acquire the data from an iOS device. We'll discuss logical, physical, and filesystem acquisitions, and much more, such as agent-based extractions.
Chapter 3, Using Forensic Tools, describes why forensic tools are important and how an investigator can benefit by using them. The chapter takes an in-depth look at some of the most popular tools, such as Cellebrite Physical Analyzer and Magnet AXIOM.
Chapter 4, Working with Common iOS Artifacts, introduces common artifacts that can be found on iOS devices, such as SQLite databases and Property lists. We'll learn how to identify these artifacts, where to find them, and how to analyze them.
Chapter 5, Pattern-of-Life Forensics, focuses on artifacts that can help an investigator understand a user's day-to-day activities, such as what apps were used and for how long.
Chapter 6, Dissecting Location Data, is all about extracting, analyzing, and understanding location-related artifacts.
Chapter 7, Analyzing Connectivity Data, discusses cellular forensics, networking data, Bluetooth and Wi-Fi artifacts, and browsing history.
Chapter 8, Email and Messaging Forensics, describes different email clients and messaging applications and how to analyze their data.
Chapter 9, Photo, Video, and Audio Forensics, dives deep into multimedia forensics.
Chapter 10, Analyzing Third-Party Apps, introduces third-party applications. You will learn how to analyze any kind of application and how to quickly locate artifacts from the most popular iOS apps.
Chapter 11, Locked Devices, iTunes Backups, and Cloud Forensics, discusses more advanced topics, such as working with locked devices and extracting forensic data from iCloud.
Chapter 12, Writing a Forensic Report and Building a Timeline, puts together all the knowledge acquired in the previous chapters by teaching you how to produce a comprehensive timeline report.
