Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
iOS Forensics for Investigators

You're reading from   iOS Forensics for Investigators Take mobile forensics to the next level by analyzing, extracting, and reporting sensitive evidence

Arrow left icon
Product type Paperback
Published in May 2022
Publisher Packt
ISBN-13 9781803234083
Length 316 pages
Edition 1st Edition
Tools
Concepts
Arrow right icon
Author (1):
Arrow left icon
Gianluca Tiepolo Gianluca Tiepolo
Author Profile Icon Gianluca Tiepolo
Gianluca Tiepolo
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Section 1 – Data Acquisition from iOS Devices
2. Chapter 1: Introducing iOS Forensics FREE CHAPTER 3. Chapter 2: Data Acquisition from iOS Devices 4. Section 2 – iOS Data Analysis
5. Chapter 3: Using Forensic Tools 6. Chapter 4: Working with Common iOS Artifacts 7. Chapter 5: Pattern-of-Life Forensics 8. Chapter 6: Dissecting Location Data 9. Chapter 7: Analyzing Connectivity Data 10. Chapter 8: Email and Messaging Forensics 11. Chapter 9: Photo, Video, and Audio Forensics 12. Chapter 10: Analyzing Third-Party Apps 13. Chapter 11: Locked Devices, iTunes Backups, and iCloud Forensics 14. Section 3 – Reporting
15. Chapter 12: Writing a Forensic Report and Building a Timeline 16. Other Books You May Enjoy

Summary

In this chapter, we learned what the goal of a forensic examination is and how the discovery of the checkm8 vulnerability provides new opportunities for data acquisition from iOS devices.

First, we introduced the iOS operating system and discussed some key elements of its security architecture, such as Secure Enclave and Data Protection. Then, we went through the steps of an iOS forensic examination.

The first step is seizing the device and adopting techniques to preserve evidence, such as placing the device in a Faraday bag or enabling Airplane mode. There are different ways to acquire data from an iOS device, depending on the model, iOS version, and what tools are available. This chapter covered logical and filesystem acquisition techniques, as well as jailbreaking and agent-based extractions.

Analyzing artifacts should be done by following a thorough validation process that ensures that commercial tools produce consistent results and that evidence has been processed in a forensically sound way.

Finally, we learned what key elements should be included in a forensic report.

The next chapter will discuss iOS data acquisition in detail and provide a hands-on approach to the tools that are used to conduct a forensic examination.

You have been reading a chapter from
iOS Forensics for Investigators
Published in: May 2022
Publisher: Packt
ISBN-13: 9781803234083
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image