What is included with this book?
Jonathan Zdziarski is better known as the hacker "NerveGas" in the iPhone development community. His work in cracking the iPhone helped lead the effort to port the first open source applications, and his book, iPhone Open Application Development, taught developers how to write applications for the popular device long before Apple introduced its own SDK. Prior to the release of iPhone Forensics, Jonathan wrote and supported an iPhone forensics manual distributed exclusively to law enforcement. Jonathan frequently consults law enforcement agencies and assists forensic examiners in their investigations. He teaches an iPhone forensics workshop in his spare time to train forensic examiners and corporate security personnel.
Jonathan is also a full-time research scientist specializing in machine learning technology to combat online fraud and spam, an effort that led him to develop networking products capable of learning how to protect customers. He is founder of the DSPAM project, a high-profile, next-generation spam filter that was acquired in 2006 by Sensory Networks, Inc. He lectures widely on the topic of spam and is a foremost researcher in the fields of machine-learning and algorithmic theory.
Jonathan's website is zdziarski.com.
Foreword
Preface
Introduction to Computer Forensics
Making Your Search Legal
Rules of Evidence
Good Forensic Practices
Technical Processes
Understanding the iPhone
What's Stored
Equipment You'll Need
Determining the Firmware Version
Disk Layout
Communication
Upgrading the iPhone Firmware
Restore Mode and Integrity of Evidence
Cross-Contamination and Syncing
Accessing the iPhone
Installing the Recovery Toolkit (Firmware v1.0.2-1.1.4)
Circumventing Passcode Protection (Firmware v1.0.2-1.1.4)
Installing the Recovery Toolkit (Firmware v2.x)
Removing the Forensic Recovery/Toolkit
Forensic Recovery
Configuring Wi-Fi and SSH
Recovering the Media Partition
Data Carving Using Foremost/Scalpel
Validating Images with ImageMagick
Strings Dump
The Takeaway
Electronic Discovery
Converting Timestamps
Mounting the Disk Image
Graphical File Navigation
Extracting Image Geotags with Exifprobe
SQLite Databases
Important Database Files
Property Lists
Other Important Files
Desktop Trace
Proving Trusted Pairing Relationships
Serial Number Records
Device Backups
Activation Records
Case Help
Employee Suspected of Inappropriate Communication
Employee Destroyed Important Data
Seized iPhone: Whose Is It and Where Is He?
Disclosures and Source Code
Index
Table of Contents provided by Ingram. All Rights Reserved.
The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.