Practical Mobile Forensics: Forensically investigate and analyze iOS, Android, and Windows 10 devices, 4th Edition

I didn't find much that was compelling, innovative or not-well-known in this book, but it does serve as a sort-of-compendium of publicly-known tools and techniques. The book is useful to the beginner, but will not give you any tips to improve your skills - just the basic information about which tool or technique to use. That said, I found this book useful, if a bit overpriced for what it is.

I highly recommend anyone interested in learning about mobile forensics get a copy of this book. It's a great resource to have in your library.

If you are looking for a great book to read and are new DFIR (Digital Forensics Incident Response), this is the book to get real "practical" knowledge that can be immediately tested and put into practice. If you are like me and have been doing digital forensics for a number of years, this book also acts as a great reference to updated areas of interest and mobile device imaging including checkra1n/checkm8. iOS plists reference, understanding SQLite databases, where to look on Android EXT volumes and much more. It also demonstrates the digital artifacts from multiple forensic tools so no matter what tool you use, there is likely an example in the book. This isn't an in-depth SQLite book, or python book or etc. This book covers all the main areas you need to understand on how these mobile devices work, were the important data is stored and how to extract that information. My experience is that 90% of the mobile cases I've worked over the last decade would be solved by following the information in this book and using your own investigative mind to expose the truth.

The mobile forensics field changes weekly it seems. Books in the mobile forensics field have very short shelf lives given how quickly things evolve. However, at this time, this book is the best you'll get for mobile forensics until the presumed fifth edition comes out. This book goes very in depth into iOS as well as using multiple tools that real world examiners actually use. Hence, the Practical in the title of the book holding very true. Android is covered very in depth as well, as it should be. I'm surprised Windows phones are covered but I guess it doesn't hurt to add for legacy device examinations but thankfully only a chapter is set aside for this topic. You never know, a Homicide could involve a Windows phone which by itself would validate having this chapter exist, so overall I'm not mad about it! One thing I'd like to point out is Heather Mahalik hasn't been actively involved in the content of these books since the second edition. I'm sure plenty of her research and content is still present in this edition but if you want to stay up on her latest research and happenings, follow her on Twitter and hang out in her online social gatherings. That is not to take anything away from everyone else on the cover. They do a great job with the book but I feel that point is fair to share for those looking for something actively created by Heather.

It is always going to be difficult writing a book about mobile phone forensics, simply because of the speed with which mobile devices and mobile device operating systems are updated, and how dynamic the mobile ecosystem is. That being said I feel that the authors have still written a useful book that can act as a reference for mobile forensic examiners, even if some of the content is not current. The authors cover the two big mobile operating systems in some detail, namely iOS and Android. They also cover the Windows Phone OS, and while the authors justify including it in case an examiner comes across a Windows Phone, I feel that this is less and less likely due to the "throw away" consumer nature of mobile phones. I likes the emphasis they placed on foundational knowledge of both of these, which I feel provides a good theoretical grounding on how each works. This is something that I think is often ignored in favour of just showing what tools can be used to get to the data on these devices, and I think that it is something that more digital forensic practitioners need to know about. The foundation is after all what allows for a strong case to be built. It terms of practical applications, which is the focus of the book based on its title, I feel that the authors have done a good job of showing the various practical techniques that are applicable with regards to the extraction and analysis of data from mobile devices. They also have not focused on demonstrating only one or two mobile forensics tools, but have really provided a comprehensive view to the reader of the various tools available and some of their capabilities. This vendor neutral approach is to be commended. The book certainly provides a good introduction to mobile forensics, and provides examiners with practical techniques and methods that they can use in their investigations, achieving what the title of the book sets out to do.

This book is a great introduction to mobile forensics. The authors provide instruction on how to use multiple tools (some free / some commercial) during an investigation. In forensics, it is important to remember there are multiple tools being used, and some work better than others depending on the particular device being investigated. I really enjoyed the chapter on iOS forensics and the coverage of HFS+ and APFS. Overall a really enjoyable read that brings someone into the world of mobile forensics.

Writing a book about mobile forensics that covers the latest versions of apps, operating-systems and techniques is an unachievable task. However, this book is a very good introduction to mobile device forensics and provides methods, techniques and tool suggestions useful to the extraction and the analysis of mobile phones. While reading this book, the experienced examiner may occasionally wish for a more extensive and profound discussion.

This book gave me a lot of information about the Mobile forensics and the application in some scenarios in real life.

I didn't find much that was compelling, innovative or not-well-known in this book, but it does serve as a sort-of-compendium of publicly-known tools and techniques. The book is useful to the beginner, but will not give you any tips to improve your skills - just the basic information about which tool or technique to use. That said, I found this book useful, if a bit overpriced for what it is.

I highly recommend anyone interested in learning about mobile forensics get a copy of this book. It's a great resource to have in your library.

If you are looking for a great book to read and are new DFIR (Digital Forensics Incident Response), this is the book to get real "practical" knowledge that can be immediately tested and put into practice. If you are like me and have been doing digital forensics for a number of years, this book also acts as a great reference to updated areas of interest and mobile device imaging including checkra1n/checkm8. iOS plists reference, understanding SQLite databases, where to look on Android EXT volumes and much more. It also demonstrates the digital artifacts from multiple forensic tools so no matter what tool you use, there is likely an example in the book. This isn't an in-depth SQLite book, or python book or etc. This book covers all the main areas you need to understand on how these mobile devices work, were the important data is stored and how to extract that information. My experience is that 90% of the mobile cases I've worked over the last decade would be solved by following the information in this book and using your own investigative mind to expose the truth.

The mobile forensics field changes weekly it seems. Books in the mobile forensics field have very short shelf lives given how quickly things evolve. However, at this time, this book is the best you'll get for mobile forensics until the presumed fifth edition comes out. This book goes very in depth into iOS as well as using multiple tools that real world examiners actually use. Hence, the Practical in the title of the book holding very true. Android is covered very in depth as well, as it should be. I'm surprised Windows phones are covered but I guess it doesn't hurt to add for legacy device examinations but thankfully only a chapter is set aside for this topic. You never know, a Homicide could involve a Windows phone which by itself would validate having this chapter exist, so overall I'm not mad about it! One thing I'd like to point out is Heather Mahalik hasn't been actively involved in the content of these books since the second edition. I'm sure plenty of her research and content is still present in this edition but if you want to stay up on her latest research and happenings, follow her on Twitter and hang out in her online social gatherings. That is not to take anything away from everyone else on the cover. They do a great job with the book but I feel that point is fair to share for those looking for something actively created by Heather.

It is always going to be difficult writing a book about mobile phone forensics, simply because of the speed with which mobile devices and mobile device operating systems are updated, and how dynamic the mobile ecosystem is. That being said I feel that the authors have still written a useful book that can act as a reference for mobile forensic examiners, even if some of the content is not current. The authors cover the two big mobile operating systems in some detail, namely iOS and Android. They also cover the Windows Phone OS, and while the authors justify including it in case an examiner comes across a Windows Phone, I feel that this is less and less likely due to the "throw away" consumer nature of mobile phones. I likes the emphasis they placed on foundational knowledge of both of these, which I feel provides a good theoretical grounding on how each works. This is something that I think is often ignored in favour of just showing what tools can be used to get to the data on these devices, and I think that it is something that more digital forensic practitioners need to know about. The foundation is after all what allows for a strong case to be built. It terms of practical applications, which is the focus of the book based on its title, I feel that the authors have done a good job of showing the various practical techniques that are applicable with regards to the extraction and analysis of data from mobile devices. They also have not focused on demonstrating only one or two mobile forensics tools, but have really provided a comprehensive view to the reader of the various tools available and some of their capabilities. This vendor neutral approach is to be commended. The book certainly provides a good introduction to mobile forensics, and provides examiners with practical techniques and methods that they can use in their investigations, achieving what the title of the book sets out to do.

This book is a great introduction to mobile forensics. The authors provide instruction on how to use multiple tools (some free / some commercial) during an investigation. In forensics, it is important to remember there are multiple tools being used, and some work better than others depending on the particular device being investigated. I really enjoyed the chapter on iOS forensics and the coverage of HFS+ and APFS. Overall a really enjoyable read that brings someone into the world of mobile forensics.

Writing a book about mobile forensics that covers the latest versions of apps, operating-systems and techniques is an unachievable task. However, this book is a very good introduction to mobile device forensics and provides methods, techniques and tool suggestions useful to the extraction and the analysis of mobile phones. While reading this book, the experienced examiner may occasionally wish for a more extensive and profound discussion.

This book gave me a lot of information about the Mobile forensics and the application in some scenarios in real life.