Books & Videos

Table of Contents

  1. Chapter 1 Introduction to Computer Forensics

    1. Making Your Search Legal

    2. Rules of Evidence

    3. Good Forensic Practices

    4. Technical Processes

  2. Chapter 2 Understanding the iPhone

    1. What’s Stored

    2. Equipment You’ll Need

    3. Determining the Firmware Version

    4. Disk Layout

    5. Communication

    6. Upgrading the iPhone Firmware

    7. Restore Mode and Integrity of Evidence

    8. Cross-Contamination and Syncing

  3. Chapter 3 Accessing the iPhone

    1. Installing the Recovery Toolkit (Firmware v1.0.2–1.1.4)

    2. Circumventing Passcode Protection (Firmware v1.0.2–1.1.4)

    3. Installing the Recovery Toolkit (Firmware v2.x)

    4. Removing the Forensic Recovery Toolkit

  4. Chapter 4 Forensic Recovery

    1. Configuring Wi-Fi and SSH

    2. Recovering the Media Partition

    3. Data Carving Using Foremost/Scalpel

    4. Validating Images with ImageMagick

    5. Strings Dump

    6. The Takeaway

  5. Chapter 5 Electronic Discovery

    1. Converting Timestamps

    2. Mounting the Disk Image

    3. Graphical File Navigation

    4. Extracting Image Geotags with Exifprobe

    5. SQLite Databases

    6. Important Database Files

    7. Property Lists

    8. Other Important Files

  6. Chapter 6 Desktop Trace

    1. Proving Trusted Pairing Relationships

    2. Serial Number Records

    3. Device Backups

    4. Activation Records

  7. Chapter 7 Case Help

    1. Employee Suspected of Inappropriate Communication

    2. Employee Destroyed Important Data

    3. Seized iPhone: Whose Is It and Where Is He?

  1. Appendix Disclosures and Source Code

    1. Power-On Device Modifications (Disclosure)

    2. Installation Record (Disclosure)

    3. Technical Procedure

  2. Colophon