Mobile Forensics - the File Format Handbook : (Record no. 309997)
000 -LEADER | |
---|---|
fixed length control field | 08737nam a22004333i 4500 |
001 - CONTROL NUMBER | |
control field | EBC6976056 |
005 - DATE AND TIME OF LATEST TRANSACTION | |
control field | 20240122001618.0 |
006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS | |
fixed length control field | m o d | |
007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION | |
fixed length control field | cr cnu|||||||| |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
fixed length control field | 231124s2022 xx o ||||0 eng d |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9783030984670 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
Canceled/invalid ISBN | 9783030984663 |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (MiAaPQ)EBC6976056 |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (Au-PeEL)EBL6976056 |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (OCoLC)1315756811 |
040 ## - CATALOGING SOURCE | |
Original cataloging agency | MiAaPQ |
Language of cataloging | eng |
Description conventions | rda |
-- | pn |
Transcribing agency | MiAaPQ |
Modifying agency | MiAaPQ |
050 #4 - LIBRARY OF CONGRESS CALL NUMBER | |
Classification number | QA76.9.A73 |
100 1# - MAIN ENTRY--PERSONAL NAME | |
Personal name | Hummert, Christian. |
245 10 - TITLE STATEMENT | |
Title | Mobile Forensics - the File Format Handbook : |
Remainder of title | Common File Formats and File Systems Used in Mobile Devices. |
250 ## - EDITION STATEMENT | |
Edition statement | 1st ed. |
264 #1 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE | |
Place of production, publication, distribution, manufacture | Cham : |
Name of producer, publisher, distributor, manufacturer | Springer International Publishing AG, |
Date of production, publication, distribution, manufacture, or copyright notice | 2022. |
264 #4 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE | |
Date of production, publication, distribution, manufacture, or copyright notice | ©2022. |
300 ## - PHYSICAL DESCRIPTION | |
Extent | 1 online resource (276 pages) |
336 ## - CONTENT TYPE | |
Content type term | text |
Content type code | txt |
Source | rdacontent |
337 ## - MEDIA TYPE | |
Media type term | computer |
Media type code | c |
Source | rdamedia |
338 ## - CARRIER TYPE | |
Carrier type term | online resource |
Carrier type code | cr |
Source | rdacarrier |
505 0# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Intro -- Preface -- Roadmap -- Scope of the Book -- Conventions Used in This Book -- Acknowledgements -- Contents -- Part I Mobile File System Formats -- Chapter 1 APFS -- 1.1 Introduction -- 1.2 APFS File system category -- 1.2.1 Finding the APFS container -- 1.2.2 Object header -- Object type, some examples -- Object type masks -- Object type flags -- Ephemeral Objects -- Physical Objects -- Virtual Objects -- 1.2.3 Superblocks -- 1.2.4 Checkpoint mapping -- 1.2.5 Volumes -- Finding the Volume -- Showing the Volume (APSB) -- Volume Object mapping -- 1.3 APFS Metadata Category -- 1.4 APFS File Name category -- 1.5 APFS Content Category -- 1.6 APFS Application Category -- 1.7 Comparing our results with a commercial tool -- Chapter 2 Ext4 -- 2.1 Introduction -- 2.2 Ext4 File system category -- 2.3 Superblock -- 2.3.1 Temporary data about the File system -- 2.3.2 Supported features -- Compatible features -- Incompatible features -- Read only compatible features -- 2.3.3 The group descriptor -- Universal Unique Identifier -- 2.4 Ext4 Metadata Category -- 2.4.1 The inode -- 2.4.2 User privileges and type of file -- 2.4.3 Temporary metadata describing inodes -- 2.4.4 Temporary metadata manipulations -- 2.4.5 Links count -- Blocks used by a file -- Inode flags -- Block map, Extent tree or inline data -- File version -- Operating System Descriptor 2 -- Project ID -- 2.5 Ext4 File Name category -- 2.6 Ext4 Content Category -- 2.6.1 Recovery of files -- Inode Carving using extent magic signature -- 2.6.2 Generic metadata time carving -- 2.6.3 Additional file content -- 2.7 Ext4 Application Category -- Chapter 3 The Flash-Friendly File System (F2FS) -- 3.1 Introduction -- 3.1.1 NAND (Not And) Flash Memory -- NAND flash memory -- NOR flash memory -- 3.1.2 Flash Translation Layer (FTL) -- 3.2 Flash Filesystems. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | 3.2.1 The Log-Structured File System (LSFS) or (LFS) -- 3.2.2 Flash-Friendly File System (F2FS): Enter F2FS -- 3.2.3 Wandering Tree Problem -- 3.3 On-Disk Layout of F2FS -- Sector -- Partitions -- 3.3.1 Creation of F2FS partitions with Mkfs.f2fs -- 3.3.2 F2FS on Disk -- Superblock -- Zone -- Section and Segment -- Check Point (CP) -- Segment Information Table (SIT) -- Node Address Table (NAT) -- Segment Summary Area (SSA) -- Updates to the SIT and NAT -- Shadow Copy -- Main Area -- 3.4 File Structure of F2FS -- 3.4.1 Node Structure -- 3.4.2 File Creation and Management -- Directory Structure -- 3.4.3 Fsck.f2fs Identifying Files -- 3.4.4 Metadata -- 3.4.5 Multi-Head Logging -- 3.4.6 Cleaning -- Adaptive Logging -- Roll-Back Recovery -- Important -- 3.5 Forensic Analysis -- 3.5.1 F2FS Sample Dataset -- 3.5.2 F2FS and Windows -- 3.5.3 Data-Extraction with XRY -- 3.5.4 Superblock Examination -- 3.5.5 Examine NAT, SIT & SSA with Linux -- Node Allocation Table (NAT) Data -- Show the Segment Info Table (SIT) Data -- Look inside the Segment Summary Area (SSA) Data -- Obtain a file by it's node ID -- 3.5.6 Carving for artefacts with XAMN -- PNG File Signature Analysis -- 3.5.7 Node Allocation Table (NAT) Comparisons -- Additional Data Structure -- 3.6 F2FS Application fields -- 3.7 Conclusion -- Chapter 4 QNX6 -- 4.1 Introduction -- 4.2 QNX6 Filesystem Structure -- 4.2.1 Superblock -- 4.2.2 Bitmap -- 4.2.3 Inode -- 4.2.4 Directories -- 4.2.5 Long Filenames Inode -- 4.3 Example: Construction of a file -- 4.4 Deleted Files -- 4.5 Forensic Tools supporting QNX6 filesystems -- Part II Mobile File Formats -- Chapter 5 SQLite -- 5.1 Introduction -- 5.2 The SQLite File Structure -- 5.2.1 The Database Header -- 5.2.2 Storage Classes, Serial Types and Varint-Encoding -- 5.2.3 Decoding The SQLite_Master Table -- 5.2.4 Page Structure. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | 5.2.5 Recovering Data Records -- 5.3 Accessing The Freelist -- 5.4 More Artefacts -- 5.4.1 Temporary File Types -- 5.4.2 Rollback Journals -- 5.4.3 Write-Ahead Logs -- 5.5 Conclusions -- Chapter 6 Property Lists -- 6.1 Introduction -- 6.2 Binary plist Structure -- 6.3 Example -- 6.4 Forensic Tools Supporting plists -- 6.5 Conclusions -- Chapter 7 Java Serialization -- 7.1 Introduction -- 7.2 Object Serialization in Java -- 7.2.1 Serialization Techniques in Java -- 7.2.2 Serialization by Example -- 7.3 Java Object Serialization Protocol Revealed -- 7.4 Pitfalls and Security Issues -- 7.4.1 Hands on Serialized Objects -- 7.4.2 Beware of Gadget Chains -- 7.5 Conclusions -- Chapter 8 Realm -- 8.1 Organisation of this Chapter -- 8.2 Introduction -- 8.3 SQLite, It is Not! -- 8.3.1 Relational Databases -- 8.3.2 SQLite as a Relational Database -- 8.3.3 SQLite Schema -- 8.3.4 Temporary SQLite Files -- 8.3.5 SQLite File Format -- 8.4 How Realm Works -- 8.4.1 Realm Database Fundamentals -- 8.4.2 Common Concepts and Terminology -- Basic Object-Oriented Programming Concepts -- Top-level Objects -- Object Types -- Group -- Arrays -- 8.5 File Storage and Structures -- 8.5.1 Realm Files and Folders -- 8.5.2 The Realm File -- The Lock File -- The Management Directory -- Stateless Realm Instances -- 8.5.3 Creating Realm Test Instance -- Step 1: Launch the Task Application -- Step 2: Open a CMD Window -- Step 3: Create an Output Folder -- Step 4: Start ADB -- Step 5: Get ADB Root -- Step 6: Find the Application Data -- Step 7: Use the "pull" Command -- 8.5.4 The Realm Database File Structure -- 8.5.5 Realm File Header -- "Top Ref" Bytes 0x00 to 0x0F (d0-d15) -- "Mnemonic" Bytes 0x10 to 0x13 (d16-d19) -- "File Format" Bytes 0x14 to 0x15 (d20-d21) -- "Reserved" Byte 0x16 (d22) -- "Flags" Byte 0x17 (d23) -- 8.5.6 Realm File Arrays -- 8.5.7 Realm Array Header. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | 8.5.8 Checksum -- 8.5.9 Flags -- Bit Group 1: is_inner_bptree_node -- Bit Group 2: has_refs -- Bit Group 3: context_flag -- Bit Group 4: width_scheme -- Bit Group 5: width_ndx -- 8.5.10 Size -- 8.5.11 Realm Array Payload -- 8.5.12 Size Calculation Example -- 8.5.13 Array Example Header -- 8.5.14 Array Example Flags -- 8.5.15 Array Example Size -- 8.6 Conclusion -- Chapter 9 Protocol Buffers -- 9.1 Introduction -- 9.1.1 What is a Protocol Buffer? -- 9.1.2 Why are Protocol Buffers Used? -- 9.2 Using Protocol Buffers -- Messages -- Services -- The Proto File -- Define the Syntax -- Message Type -- Fields -- Scalar Values -- 9.2.1 The Schema Defintion -- Field Type -- Field Names -- Enums -- Nesting -- Importing & Packages -- 9.2.2 Compiling Your Protocol Buffer -- Analysing the Python Protobuf-Code -- A 2nd Example The FormobileChat message -- Formobilechat_pb2.py -- 9.2.3 Creation of a Protobufs with Python -- Writing the Object to a Binary File -- Remember Size = Speed -- The Raw Binary Data -- 9.2.4 Reversing Proto Buffer Messages -- Data Conversion -- Timestamp -- Pictures or other files represented by octal data -- 9.3 Practical Analysis of different Proto Buffers -- 9.3.1 Mobile Device Artifact Examples -- Example Waze Navigation App -- BASE64 Encoding -- Example: Apple Web Cache file -- Identifying Base64 Encoded Data -- 9.3.2 Yet another example: Apply Property List (PLIST) Files -- 9.3.3 Suggested Examination Process of a File -- 9.3.4 Tools -- 9.4 Conclusion -- References -- Index. |
588 ## - SOURCE OF DESCRIPTION NOTE | |
Source of description note | Description based on publisher supplied metadata and other sources. |
590 ## - LOCAL NOTE (RLIN) | |
Local note | Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2023. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries. |
655 #4 - INDEX TERM--GENRE/FORM | |
Genre/form data or focus term | Electronic books. |
700 1# - ADDED ENTRY--PERSONAL NAME | |
Personal name | Pawlaszczyk, Dirk. |
776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
Relationship information | Print version: |
Main entry heading | Hummert, Christian |
Title | Mobile Forensics - the File Format Handbook |
Place, publisher, and date of publication | Cham : Springer International Publishing AG,c2022 |
International Standard Book Number | 9783030984663 |
797 2# - LOCAL ADDED ENTRY--CORPORATE NAME (RLIN) | |
Corporate name or jurisdiction name as entry element | ProQuest (Firm) |
856 40 - ELECTRONIC LOCATION AND ACCESS | |
Uniform Resource Identifier | https://ebookcentral.proquest.com/lib/bacm-ebooks/detail.action?docID=6976056 |
Public note | Click to View |
No items available.