Seeking the Truth from Mobile Evidence - 1st Edition - ISBN: 9780128110560

Seeking the Truth from Mobile Evidence

1st Edition

Basic Fundamentals, Intermediate and Advanced Overview of Current Mobile Forensic Investigations

Authors: John Bair
Paperback ISBN: 9780128110560
Imprint: Academic Press
Published Date: 22nd November 2017
Page Count: 526
Tax/VAT will be calculated at check-out Price includes VAT (GST)

Institutional Access

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

Seeking the Truth from Mobile Evidence: Basic Fundamentals, Intermediate and Advanced Overview of Current Mobile Forensic Investigations will assist those who have never collected mobile evidence and augment the work of professionals who are not currently performing advanced destructive techniques. This book is intended for any professional that is interested in pursuing work that involves mobile forensics, and is designed around the outcomes of criminal investigations that involve mobile digital evidence. Author John Bair brings to life the techniques and concepts that can assist those in the private or corporate sector.

Mobile devices have always been very dynamic in nature. They have also become an integral part of our lives, and often times, a digital representation of where we are, who we communicate with and what we document around us. Because they constantly change features, allow user enabled security, and or encryption, those employed with extracting user data are often overwhelmed with the process. This book presents a complete guide to mobile device forensics, written in an easy to understand format.

Key Features

  • Provides readers with basic, intermediate, and advanced mobile forensic concepts and methodology.
  • Thirty overall chapters which include such topics as, preventing evidence contamination, triaging devices, troubleshooting, report writing, physical memory and encoding, date and time stamps, decoding Multi-Media-Messages, decoding unsupported application data, advanced validation, water damaged phones, Joint Test Action Group (JTAG), Thermal and Non-Thermal chip removal, BGA cleaning and imaging, In-System-Programming (ISP), and more.
  • Popular JTAG boxes – Z3X and RIFF/RIFF2 are expanded on in detail.
  • Readers have access to the companion guide which includes additional image examples, and other useful materials.

Readership

Digital forensic professionals and analysts, information security professionals, researchers, and practitioners, legal professionals, law enforcement officers, as well as students in digital forensics criminal justice programs at university

Table of Contents

Chapter 1 – Defining Cell Phone Forensics & Standards

Chapter 2 – Evidence Contamination and Faraday Methods

Chapter 3 – The Legal Process Part 1

Chapter 4 – The Legal Process Part 2

Chapter 5 – The Cellular Network

Chapter 6 – Subscriber Identity Module

Chapter 7 – Device Identification

Chapter 8 – Triaging Mobile Evidence

Chapter 9 – The Logical Exam

Chapter 10 – Troubleshooting Logical Exams

Chapter 11 – Manual Exams

Chapter 12 – Report Writing

Chapter 13 – Physical Acquisitions

Chapter 14 – Physical Memory & Encoding

Chapter 15 – Date & Time Stamps

Chapter 16 – Manual Decoding MMS

Chapter 17 – Decoding Application Data

Chapter 18 – Advanced Validation

Chapter 19 – Android user enabled security

Chapter 20 – Non-destructive hardware & software solutions

Chapter 21 – Phone disassembly & water damaged phones

Chapter 22 – JTAG (Joint Test Action Group)

Chapter 23 – JTAG specialized equipment

Chapter 24 – RIFF Box Overview

Chapter 25 – Z3X (Easy JTAG) Box

Chapter 26 – Thermal chip removal

Chapter 27 – Non-thermal chip removal

Chapter 28 – BGA cleaning

Chapter 29 – Creating an image

Chapter 30 – eMMC Reading & In-System-Programming

Details

No. of pages:
526
Language:
English
Copyright:
© Academic Press 2018
Published:
Imprint:
Academic Press
Paperback ISBN:
9780128110560

About the Author

John Bair

John Bair is currently employed as a detective with the Tacoma Police Department. He has been commissioned as a law enforcement officer since May 1989. During his assignment in the homicide unit he began specializing in Cell Phone Forensics.

In 2006 John created the current forensic lab that focuses on mobile evidence related to violent crimes. His case experience shortly thereafter gained the attention of Mobile Forensics Incorporated (MFI) where he was hired and spent several years serving as a contract instructor. MFI soon merged with AccessData to become the only training vendor for their mobile forensics core. This relationship fostered direct contact with engineers who assist in criminal cases which need anomalies and exploits addressed within their forensics products.

July 2013 he was hired as a contract instructor by Fox Valley Technical College to assist in training for the Department Of Justice - Amber Alert Program. His expertize with mobile forensics is being utilized to structure a digital evidence module for investigators responding to scenes where children had been abducted. The program promotes how to prevent mobile evidence contamination and how to triage live devices under exigent circumstances.

Within in Pierce County, he began a mobile forensics training program for Superior Court Prosecutors and Judicial Officers which is currently in its fourth year. The program stresses the technical origins of the warrant language, what to check for, validation of evidence and how to present this dynamic content in court.

In December 2013, Detective Bair gave a presentation to the University Of Washington Tacoma (UWT) Institute of Technology which provided an outline to merge digital solutions between the Tacoma Police Department and UWT. The relationship will focus on building a digital forensic lab that will be modeled after the Marshall University Forensic Science Center in West Virginia. The lab proposal also includes the ability to conduct advanced destructive forensics which will be a one of kind facility on the west coast. Based upon the proposal to create a combined lab, John created a mobile forensic course and began part time lecturing at UWT in April 2014. The course covers legal concepts, logical, physical searching methods and manual “carving”. John authored his own student and lab manuals for these courses. In March 2015, John started an intern program within the lab at the Tacoma Police which involved students from this program. In late August 2015, one of the interns was able to use advance python writing to assist with parsing over 3300 deleted messages in a homicide that took place earlier that year.

John Bair has instructed at various federal labs within the United States (Secret Service, ICE). He has presented on mobile evidence as a guest speaker at Paraben’s Innovative Conference, Washington State Association of Prosecuting Attorney’s (WAPA) Summit, and the Computer Technology Investigations Network Digital Forensics Conference. Recently he spoke at the 16th Annual Conference on Information Technology Education / 4th Annual Research in IT Conference in Chicago Illinois. These conferences are sponsored by the ACM Special Interest Group for Information Technology Education (SIGITE). John and two other professors from the University Of Washington – Tacoma (UWT) recently co-authored a paper regarding the current Mobile Forensic Program.

John has over 42 certifications related to digital evidence training. The following reflect the most significant related to mobile forensics: Mobile Forensics Certified Examiner (MFCE), Cellebrite Certified Mobile Examiner (CCME), Cellebrite Certified Physical Analyst (CCPA), Cellebrite Certified Logical Operator (CCLO), AccessData Certified Examiner (ACE), Cellebrite Mobile Forensics Fundamentals (CMFF), AccessData Mobile Examiner (AME), and Cellebrite Certified Task Instructor.

John is also the co-owner of the forensics expert services firm, NAND Forensics (www.nandforensics.com).

Affiliations and Expertise

MFCE, CCME, CCPA, CCLO, AME, Lecturer - Digital Mobile Forensics, University of Washington (Tacoma)