Category Archives: iOS

Want your own copy of Practical Mobile Forensics for $5?

Hey everyone,

It’s the Holidays, so why not treat yourself to a copy of Practical Mobile Forensics? You can get the eBook for $5 until January 6th directly from Packt!  This book was designed to help both new and experienced examiners capture and analyze data from mobile devices.  Our goal was to use Open Source solutions as much as possible.  Check out the book and happy forensicating!

The link to purchase the book for $5 is

Happy Holidays!

Heather

Win A Free Copy of Packt’s Practical Mobile Forensics

I am pleased to announce that Packt Publishing is organizing a giveaway especially for you.   All you need to do is just comment below the post for a chance to win a free e-copy of Practical Mobile Forensics.  Two lucky winners will be selected.

Overview of Practical Mobile Forensics

  • Clear and concise explanations for forensic examinations of mobile devices
  • Master the art of extracting data, recovering deleted data, bypassing screen locks, and much more
  • The first and only guide covering practical mobile forensics on multiple platforms

How to Enter?

Simply post your expectations from this book as a comment or Tweet. You could be one of the 2 lucky participants to win the copy.

Deadline: The contest will close on 09/25/04. Winners will be contacted by email, so be sure to use your real email address when you comment, or contact me directly with it – hmahalik@smarterforensics.com.

Practical Mobile Forensics is RELEASED!

Happy Tuesday everyone. I am happy to say that Practical Mobile Forensics is officially released. http://www.packtpub.com/practical-mobile-forensics/book

This book was written by three of us hoping to guide those new to mobile forensics and those looking to branch into mobile device forensics. We provide practical methods for acquiring and analyzing data from smartphones and place an emphasis on open source tools, where possible.

Speaking of open source, the latest version of Autopsy is available and can be downloaded here: http://sourceforge.net/projects/autopsy/files/autopsy/3.1.0%20Beta%201/. This is a beta version, so your feedback is greatly appreciated.  Let me know what you think of the Android module. What is missing? Where should we focus our efforts?

Getting the most out of Smartphone Forensic Exams – SANS Advanced Smartphone Forensics Poster Release

There is one certain thing in the DFIR field, and that is that there are far more facts, details and artifacts to remember than can easily be retained in any forensic examiner’s brain. SANS has produced an incredibly helpful array of Posters and Cheat Sheets for DFIR in order to assist examiners with those tidbits of information that can help to jumpstart their forensics exams and/or intrusion and incident response investigations. The most recent addition to the SANS DFIR poster collection is the Advanced Smartphone Forensics Poster, created by SANS FOR585 authors Heather Mahalik, Domenica Crognale, and Cindy Murphy.

These days, digital forensic investigations often rely on data extracted from smartphones, tablets and other mobile devices. Smartphones are the most personal computing device associated with any user, and therefore often provide the most relevant data per gigabyte examined in an investigation. The Advanced Smartphone Forensics Poster will guide you through the elements of the mobile forensic process so that the results of your examination will hold up under scrutiny.

The acquisition of Smartphone evidence can be complicated by the large assortment of device makes, models, and operating systems, with varying levels of acquisition support. The Smartphone Acquisition guide included in the poster will guide you through the intricacies of acquiring data from locked and unlocked phones for the major Smartphone platforms.

Once data is acquired, interpretation of that data can involve complexities such as data encryption and encoding, and relics of flash memory storage. The Advanced Smartphone Forensics Poster will help you to work through the basics of flash memory data layout, and various types of data encryption and encoding common to Smartphone data to help you get the most out of the acquired evidence.

Commercial tools have a difficult standard to live up to with regard to data decoding and don’t fully address the challenges of mobile malware detection and analysis. With all of the apps available, it’s nearly impossible to automate the process of decoding all of the relevant data. The Advanced Smartphone Forensics Poster will help walk you through the basic steps of mobile malware detection and analysis, and provides you with common evidence locations for the major smartphone platforms to help you narrow down and efficiently identify data that is important to your investigation.

Use this poster as a handy reference guide to help you remember how to handle smartphones, where to obtain actionable intelligence, and how to recover and analyze data on the latest smartphones and tablets. Whether you’re new to smartphone forensics or you’re an experienced examiner, the SANS Advanced Smartphone Forensics Poster will help you get the most relevant evidence per gigabyte.

Click to access for585-poster.pdf

Cindy Murphy, SANS Instructor and Co-Author of FOR585