Seeking the Truth from Mobile Evidence

Seeking the Truth from Mobile Evidence

Basic Fundamentals, Intermediate and Advanced Overview of Current Mobile Forensic Investigations

1st Edition - November 13, 2017

Write a review

  • Author: John Bair
  • Paperback ISBN: 9780128110560
  • eBook ISBN: 9780128110577

Purchase options

Purchase options
DRM-free (PDF, Mobi, EPub)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order


Seeking the Truth from Mobile Evidence: Basic Fundamentals, Intermediate and Advanced Overview of Current Mobile Forensic Investigations will assist those who have never collected mobile evidence and augment the work of professionals who are not currently performing advanced destructive techniques. This book is intended for any professional that is interested in pursuing work that involves mobile forensics, and is designed around the outcomes of criminal investigations that involve mobile digital evidence. Author John Bair brings to life the techniques and concepts that can assist those in the private or corporate sector. Mobile devices have always been very dynamic in nature. They have also become an integral part of our lives, and often times, a digital representation of where we are, who we communicate with and what we document around us. Because they constantly change features, allow user enabled security, and or encryption, those employed with extracting user data are often overwhelmed with the process. This book presents a complete guide to mobile device forensics, written in an easy to understand format.

Key Features

  • Provides readers with basic, intermediate, and advanced mobile forensic concepts and methodology
  • Thirty overall chapters which include such topics as, preventing evidence contamination, triaging devices, troubleshooting, report writing, physical memory and encoding, date and time stamps, decoding Multi-Media-Messages, decoding unsupported application data, advanced validation, water damaged phones, Joint Test Action Group (JTAG), Thermal and Non-Thermal chip removal, BGA cleaning and imaging, In-System-Programming (ISP), and more
  • Popular JTAG boxes – Z3X and RIFF/RIFF2 are expanded on in detail
  • Readers have access to the companion guide which includes additional image examples, and other useful materials


Digital forensic professionals and analysts, information security professionals, researchers, and practitioners, legal professionals, law enforcement officers, as well as students in digital forensics criminal justice programs at university

Table of Contents

  • 1. Defining Cell Phone Forensics & Standards
    2. Evidence Contamination and Faraday Methods
    3. The Legal Process Part 1
    4. The Legal Process Part 2
    5. The Cellular Network
    6. Subscriber Identity Module
    7. Device Identification
    8. Triaging Mobile Evidence
    9. The Logical Exam
    10. Troubleshooting Logical Exams
    11. Manual Exams
    12. Report Writing
    13. Physical Acquisitions
    14. Physical Memory & Encoding
    15. Date and Time Stamps
    16. Manual Decoding MMS
    17. Decoding Application Data
    18. Advanced Validation
    19. Android user enabled security
    20. Non-destructive hardware and software solutions
    21. Phone disassembly and water damaged phones
    22. JTAG (Joint Test Action Group)
    23. JTAG specialized equipment
    24. RIFF Box Overview
    25. Z3X (Easy JTAG) Box
    26. Thermal chip removal
    27. Non-thermal chip removal
    28. BGA cleaning
    29. Creating an image
    30. eMMC Reading & In-System-Programming

Product details

  • No. of pages: 528
  • Language: English
  • Copyright: © Academic Press 2017
  • Published: November 13, 2017
  • Imprint: Academic Press
  • Paperback ISBN: 9780128110560
  • eBook ISBN: 9780128110577

About the Author

John Bair

John Bair is currently employed as a detective with the Tacoma Police Department. He has been commissioned as a law enforcement officer since May 1989. During his assignment in the homicide unit he began specializing in Cell Phone Forensics.

In 2006 John created the current forensic lab that focuses on mobile evidence related to violent crimes. His case experience shortly thereafter gained the attention of Mobile Forensics Incorporated (MFI) where he was hired and spent several years serving as a contract instructor. MFI soon merged with AccessData to become the only training vendor for their mobile forensics core. This relationship fostered direct contact with engineers who assist in criminal cases which need anomalies and exploits addressed within their forensics products.

July 2013 he was hired as a contract instructor by Fox Valley Technical College to assist in training for the Department Of Justice - Amber Alert Program. His expertize with mobile forensics is being utilized to structure a digital evidence module for investigators responding to scenes where children had been abducted. The program promotes how to prevent mobile evidence contamination and how to triage live devices under exigent circumstances.

Within in Pierce County, he began a mobile forensics training program for Superior Court Prosecutors and Judicial Officers which is currently in its fourth year. The program stresses the technical origins of the warrant language, what to check for, validation of evidence and how to present this dynamic content in court.

In December 2013, Detective Bair gave a presentation to the University Of Washington Tacoma (UWT) Institute of Technology which provided an outline to merge digital solutions between the Tacoma Police Department and UWT. The relationship will focus on building a digital forensic lab that will be modeled after the Marshall University Forensic Science Center in West Virginia. The lab proposal also includes the ability to conduct advanced destructive forensics which will be a one of kind facility on the west coast. Based upon the proposal to create a combined lab, John created a mobile forensic course and began part time lecturing at UWT in April 2014. The course covers legal concepts, logical, physical searching methods and manual “carving”. John authored his own student and lab manuals for these courses. In March 2015, John started an intern program within the lab at the Tacoma Police which involved students from this program. In late August 2015, one of the interns was able to use advance python writing to assist with parsing over 3300 deleted messages in a homicide that took place earlier that year.

John Bair has instructed at various federal labs within the United States (Secret Service, ICE). He has presented on mobile evidence as a guest speaker at Paraben’s Innovative Conference, Washington State Association of Prosecuting Attorney’s (WAPA) Summit, and the Computer Technology Investigations Network Digital Forensics Conference. Recently he spoke at the 16th Annual Conference on Information Technology Education / 4th Annual Research in IT Conference in Chicago Illinois. These conferences are sponsored by the ACM Special Interest Group for Information Technology Education (SIGITE). John and two other professors from the University Of Washington – Tacoma (UWT) recently co-authored a paper regarding the current Mobile Forensic Program.

John has over 42 certifications related to digital evidence training. The following reflect the most significant related to mobile forensics: Mobile Forensics Certified Examiner (MFCE), Cellebrite Certified Mobile Examiner (CCME), Cellebrite Certified Physical Analyst (CCPA), Cellebrite Certified Logical Operator (CCLO), AccessData Certified Examiner (ACE), Cellebrite Mobile Forensics Fundamentals (CMFF), AccessData Mobile Examiner (AME), and Cellebrite Certified Task Instructor.

John is also the co-owner of the forensics expert services firm, NAND Forensics (

Affiliations and Expertise

MFCE, CCME, CCPA, CCLO, AME, Lecturer - Digital Mobile Forensics, University of Washington (Tacoma)

Ratings and Reviews

Write a review

Latest reviews

(Total rating for all reviews)

  • Matthew Fri Jun 05 2020

    A Great Book To Teach the Fundamentals

    In the field of mobile forensics this author shows their vast area of knowledge of it and it also is great due to the fact that it gives real world examples to help the reader get a better grasp on the subject matter greatly increasing the readability. Would definitely recommend this to anyone looking to go into mobile forensics or who is interested in the field.

  • Merissa M. Thu Jun 04 2020

    Great step by step processes

    Seeking the Truth from Mobile Evidence is a great textbook that encompasses the forensic process on older cell phones. The book itself starts each chapter with a true scenario the author has come across so you can relate the relevance of the chapter to a real-world scenario. The actual processes in the book are step by step. The author does a great job breaking the processes down so that is it easy to follow along. I would recommend the online version over the hard copy if you are a visual person. The photos are much better online, but they get the job done in the book as well. Sometimes the little details just are a little more difficult to see in the hard copy. At the end of each chapter there is a brief summary, which is nice if you just need a quick reminder on a main concept. The book talks about various topics including the difference in cell phones, how to decode hex coding to see deleted messages, what to consider when handling a phone on a crime scene and even provides explanations on how to remove a chip off the phone to retrieve data. It has a lot of cool stuff to read about. I did personally use this book as a tool and was able to accomplish many of the different activities by following along. I would recommend even if you don’t have access to the tools needed but are interested in this field. It has a lot of good information.

  • Tanner M. Thu Jun 04 2020

    Great Introduction to Mobile Forensics!

    Of all the textbooks I've read, I believe this is the first one that I have read every page. With decades of experience in this field, the author does a fantastic job blending in real-life case examples to further explain concepts, humor, and tips based on his prior successes and failures. Before reading, I had some interest in mobile forensics, but after reading and listening to all the author had to say made me want to pursue a career in this field. The book provides a great range of concepts, starting from defining mobile forensics and its basic principles/procedures, to more advanced techniques like JTAG extractions and the proper steps for performing thermal/non-thermal chip-offs. This book is a must read for anyone that has any interest in digital forensics!

  • Tri Wed Jun 03 2020

    A must have book for anyone interested in mobile forensics

    This is not just a regular book, it is a guide fill with step by step instruction on the whats and the how to of mobile forensics. This book will teach you everything you will need to know about JTAG, ISP, Chip off (thermal and non-thermal), logical and physical examination , BGA cleaning, and even the legal process of mobile forensics. This book offer a vast variety of experience and knowledge and I world recommend it to anybody who's interested in learning the in's and out's of mobile forensics.

  • Tri Sat May 30 2020

    Must have book for those who are interested in mobile forensics or related field

    One of the most well written book I've seen thus far. The author has great knowledge over the topic of mobile forensics and shows in great detail the steps and procedure of many activities such as JTAG, ISP, Thermal and non-thermal chip removal, as well as logical and physical examinations, Acquisitions, decoding MMS, and even illustrate the legal process for this field. The books also provide lots of pictures that will guide you on your journey of learning the In's and out's of mobile forensics.

  • Zachary S. Fri May 22 2020

    Essential reading for those going into mobile forensics

    Mobile device forensics is an evolving area in the field of digital forensics. This textbook attempts to bridge the gap by providing an in-depth look into mobile devices, explaining technologies involved as well as their relationship to forensic procedures. It encompasses a great deal of the genre, with the beginning of the book covering fundamental concepts and altering its scope to more advanced aspects such as chip-off extractions and JTAG methods. Seeking the Truth from Mobile Evidence lends itself to a pragmatic take on the subject, with no shortage of photos and valuable information to help to accompany the reader along the way. This book stands as testament to the wealth of knowledge at John Bair’s disposal and should make its way into anyone’s library who is interested in the field.

  • K. C. Sat May 09 2020

    Excellent Textbook

    This was one of the few textbooks that I have read cover to cover. It is well-structured and gives a very solid foundation in mobile digital forensics, especially when paired with quality instruction. I think he does a good job covering a wide variety of topics. For example, anything from report writing, to hardware techniques like JTAGs and Chip-offs, to regex and the use and functionality of different vendor software. I also love how John brings in stories from his personal life, as well as his humor, into his writing.

  • Bob C. Tue Dec 19 2017

    Great read for the advanced mobile forensics examiner

    John's book provides a great overview of techniques available to forensic examiners when dealing with mobile phone forensics. The book goes through the processes from seizing the exhibit; providing a basic understanding of aspects of cell phones; understanding of levels of data analysis; methods of acquiring devices; and much more. John provides detailed insight on the advanced hardware techniques that are close to my heart including JTAG; ISP and Chipoff. A job well done!