Packt+ | Advance your knowledge in tech

You're reading from Practical Mobile Forensics A hands-on guide to mastering mobile forensics for the iOS, Android, and the Windows Phone platforms

Product type Paperback

Published in Jan 2018

Publisher

ISBN-13 9781788839198

Length 402 pages

Edition 3rd Edition

Tools

Android

Concepts

Forensics

Authors (4):

Oleg Skulkin

Satish Bommisetty

Rohit Tamma

Heather Mahalik

View More author details

Table of Contents (14) Chapters

1. Introduction to Mobile Forensics FREE CHAPTER

2. Understanding the Internals of iOS Devices

3. Data Acquisition from iOS Devices

4. Data Acquisition from iOS Backups

5. iOS Data Analysis and Recovery

6. iOS Forensic Tools

7. Understanding Android

8. Android Forensic Setup and Pre-Data Extraction Techniques

9. Android Data Extraction Techniques

10. Android Data Analysis and Recovery

11. Android App Analysis, Malware, and Reverse Engineering

12. Windows Phone Forensics

13. Parsing Third-Party Application Files

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

Key artifacts for examination

In this section, we are going to introduce you to the location of some of the most common Windows Phone forensic artifacts, including contacts, SMS, and call and internet history.

Extracting contacts and SMS

All the contacts and incoming and outgoing short messages (SMS) in Windows Phone 7–10 are stored in the file named store.vol, which is present under the \Application Data\Microsoft\Outlook\Stores\DeviceStore (Windows 7) and Users\WPCOMMSERVICES\APPDATA\Local\Unistore (Windows 8-10) directories. An example of a Windows 10 store.vol file is shown in the following screenshot:

The store.vol file in a Windows Phone

Extracting call history

Call history data can currently be extracted from the Phone file. It's important to note that the file doesn't have an extension and is located at \Users\WPCOMMSERVICES\APPDATA\ Local\UserData\. Here is an example of a Windows 10 Phone file: