Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Mobile Forensics

You're reading from   Practical Mobile Forensics A hands-on guide to mastering mobile forensics for the iOS, Android, and the Windows Phone platforms

Arrow left icon
Product type Paperback
Published in May 2016
Publisher
ISBN-13 9781786464200
Length 412 pages
Edition 2nd Edition
Tools
Concepts
Arrow right icon
Authors (3):
Arrow left icon
Rohit Tamma Rohit Tamma
Author Profile Icon Rohit Tamma
Rohit Tamma
Satish Bommisetty Satish Bommisetty
Author Profile Icon Satish Bommisetty
Satish Bommisetty
Heather Mahalik Heather Mahalik
Author Profile Icon Heather Mahalik
Heather Mahalik
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Introduction to Mobile Forensics FREE CHAPTER 2. Understanding the Internals of iOS Devices 3. iOS Forensic Tools 4. Data Acquisition from iOS Devices 5. Data Acquisition from iOS Backups 6. iOS Data Analysis and Recovery 7. Understanding Android 8. Android Forensic Setup and Pre Data Extraction Techniques 9. Android Data Extraction Techniques 10. Android Data Analysis and Recovery 11. Android App Analysis, Malware, and Reverse Engineering 12. Windows Phone Forensics 13. Parsing Third-Party Application Files

Timestamps

Before examining the data, it is important to understand the different timestamps that are used on iOS devices. Timestamps found on iOS devices are presented either in the UNIX timestamp or Mac absolute time format. The examiner must ensure that the tools properly convert the timestamps for the files. Access to the raw SQLite files will allow the examiner to verify these timestamps manually. Further information on iOS timestamps can be found at http://www.zdziarski.com/blog/wp-content/uploads/2013/05/iOS-Forensic-Investigative-Methods.pdf.

UNIX timestamps

A UNIX timestamp is the number of seconds that offsets the UNIX epoch time, which starts on January 1, 1970. A UNIX timestamp can be converted easily using the date command on a Mac workstation or using an online UNIX epoch converter on a Windows workstation. The date command is as follows:

$date -r 1455070351
Tues Feb 9 21:12:31 EST 2016

Mac absolute time

iOS devices adopted the use of Mac absolute time with iOS 5 for...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image