Many first time forensic investigators – and even those on most agencies who are tasked with mobile forensic extractions often are missing key components necessary for them to succeed in court. Vendors who produce specialized products generally provide adequate training on their tool but usually exclude basic and advanced validation techniques. The examiner should never rely on the “push button” approach – they must fully be aware of what is taking place when they conduct an exam as well as the core fundamentals needed to “look” into a person’s mobile device. This begins when the device is collected and carries through to questions posed while on the stand.
Seeking the Truth with Mobile Evidence by John Bair will assist those who have never collected mobile evidence, as well as augmenting professionals who are currently not performing advanced destructive techniques. This book is intended for any professional that is interested in pursuing work that involves mobile forensics. The book is designed around the outcomes of criminal investigations that involve mobile digital evidence. Author John Bair brings you the techniques and concepts that can assist others who may be seeking the same type of work within the private or corporate sector.
Mobile devices have always been very dynamic in nature. They also have become an integral part of our lives, and often times a “digital representation” of where we are, who we communicate with and what we document around us. Because they constantly change features, allow user enabled security and or encryption, those employed with extracting user data are often times overwhelmed with the process as well as “how do I keep up with all this?” Seeking the Truth with Mobile Evidence is a complete guide to mobile device forensics, written in an easy to understand and follow format. You will understand limitations of particular types of exams and by the end of the first section, know the mobile evidence can be different internally – and unlike computer forensics fully explain that most labs cannot simply “image” a mobile device.
- Understand the steps and methodology of mobile forensics acquisitions from start to finish, including legal issues, SIM file systems, mobile networks, virtual networks, and troubleshooting
- Learn how to investigate using Attention Terminal Protocols, encoding/decoding, Protocol Delivery Unit (PDU), NAND and NOR memory, wear-leveling, garbage collection and SQlite databases
- Presents complete coverage of Protocol Delivery Unit (PDU), Joint Test Action Group (JTAG) techniques, use of flasher and programming boxes, as well as chip-off (destructive) techniques
The book is expected to be published in November 2017 and is available for pre-order here.