iPhone Forensics : Recovering Evidence, Personal Data, and Corporate Assets


Jonathan. Zdziarski
Bok Engelsk 2008 · Electronic books.
Utgitt
Sebastopol : : O'Reilly Media, , 2008.
Omfang
1 online resource (144 p.)
Opplysninger
Description based upon print version of record.. - iPhone Forensics; Preface; Acknowledgments; Organization of the Material; Conventions Used in This Book; Using Code Examples; Legal Disclaimer; Safari® Books Online; We'd Like to Hear from You; 1. Introduction to Computer Forensics; Rules of Evidence; Good Forensic Practices; Document the Evidence; Document All Changes; Establish an Investigation Checklist; Be Detailed; Technical Processes; 2. Understanding the iPhone; Equipment You'll Need; Determining the Firmware Version; Disk Layout; Communication; Upgrading the iPhone Firmware; Restore Mode and Integrity of Evidence. - Activation Records7. Case Help; Data Carving; Strings Dumps; Employee Destroyed Important Data; Seized iPhone: Whose Is It and Where Is He?; What?; When and Where?; How Can I Be Sure?; A. Disclosures and Source Code; Installation Record (Disclosure); Technical Procedure; Source Code Examples; Index; Colophon. - Cross-Contamination and Syncing3. Accessing the iPhone; Windows (iLiberty+ v1.3.0.113); Step 2: Dock the iPhone and Launch iTunes; Step 3: Launch iLiberty+ and Verify Connectivity; Mac OS X; Windows; Step 4: Activate the Forensic Toolkit Payload; Windows; Step 5: Install the Payload; Windows; It's stuck!; What to watch for; Circumventing Passcode Protection (Firmware v1.0.2-1.1.4); Manual Bypass; Step 2: Enter recovery mode; Step 3: Upload and boot the custom bypass RAM disk; Installing the Recovery Toolkit (Firmware v2.x); Step 2: Use Xpwn to Customize the Stage 1 Firmware. - Step 3: Use Xpwn to Customize the Stage 2 FirmwareStep 4: Install the Staged Firmware Bundles; Removing the Forensic Recovery Toolkit; 4. Forensic Recovery; Creating an Ad-Hoc Network; Windows; SSH to the iPhone; Recovering the Media Partition; Windows; Tools Needed; MD5 Digests; Unencrypted Recovery; Windows; Sending the data; Encrypted Recovery of the Media Partition; Making Commercial Tools Compatible; Data Carving Using Foremost/Scalpel; Voicemail messages; Property lists; SQLite databases; Email; Web pages; Other files; PGP blocks; Images; Building Rules; Scanning with Foremost/Scalpel. - Validating Images with ImageMagickStrings Dump; Windows; The Takeaway; 5. Electronic Discovery; Mounting the Disk Image; Windows and HFSExplorer; Graphical File Navigation; Extracting Image Geotags with Exifprobe; SQLite Databases; SQLite Built-in Commands; Issuing SQL Queries; Important Database Files; Address Book Images; Google Maps Data; Calendar Events; Call History; Email Database; Notes; SMS Messages; Voicemail; Property Lists; Windows; Important Property List Files; Other Important Files; 6. Desktop Trace; Serial Number Records; Windows XP; Windows Vista; Device Backups. - ""This book is a must for anyone attempting to examine the iPhone. The level of forensic detail is excellent. If only all guides to forensics were written with this clarity!""-Andrew Sheldon, Director of Evidence Talks, computer forensics experts With iPhone use increasing in business networks, IT and security professionals face a serious challenge: these devices store an enormous amount of information. If your staff conducts business with an iPhone, you need to know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics supplies the knowledge
Emner
Sjanger
Dewey
ISBN
0596153589. - 9780596153588

Bibliotek som har denne