Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Mobile Forensics

You're reading from   Practical Mobile Forensics Dive into mobile forensics on iOS, Android, Windows, and BlackBerry devices with this action-packed, practical guide

Arrow left icon
Product type Paperback
Published in Jul 2014
Publisher
ISBN-13 9781783288311
Length 328 pages
Edition 1st Edition
Tools
Concepts
Arrow right icon
Toc

Table of Contents (15) Chapters Close

Preface 1. Introduction to Mobile Forensics FREE CHAPTER 2. Understanding the Internals of iOS Devices 3. Data Acquisition from iOS Devices 4. Data Acquisition from iOS Backups 5. iOS Data Analysis and Recovery 6. iOS Forensic Tools 7. Understanding Android 8. Android Forensic Setup and Pre Data Extraction Techniques 9. Android Data Extraction Techniques 10. Android Data Recovery Techniques 11. Android App Analysis and Overview of Forensic Tools 12. Windows Phone Forensics 13. BlackBerry Forensics Index

Timestamps


Before examining the data, it is important to understand the different timestamps used on the iPhone. Timestamps found on the iPhone are presented either in the Unix timestamp or Mac absolute time format. The examiner must ensure that the tools properly convert the timestamps for the files. Access to the raw SQLite files will allow the examiner to verify the timestamps manually.

Unix timestamps

A Unix timestamp is the number of seconds that offsets the Unix epoch time, which starts on January 1, 1970. A Unix timestamp can be converted easily using the date command on a Mac workstation or using an online Unix epoch convertor on a Windows workstation. The date command is shown as follows:

$date -r 1388538061
Wed Jan 1 06:31:01 IST 2014

Mac absolute time

iOS devices adopted the use of Mac absolute time with iOS 5 for most of the data. Mac absolute time is the number of seconds that offsets the Mac epoch time, which starts on January 1, 2001. The difference between the Unix epoch time...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image