Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition
M**S
Not only a Primer, but a desk reference as well
I enjoyed Lee's first book. As a desktop forensic practitioner, I found it useful when I first read it in my transition to cell phones when I first started examining these completely different devices. Lee's work seemed specifically designed to assist in my transition. Now that I encounter cell phones regularly, in fact in the majority, I picked up the second edition as a refresher, and to catch up on the latest in IoT, wearables and drones. I was not disappointed. After chapters 1-7 laid the foundations (worth the read even for the experienced examiner), I was impressed by the author's willingness to take a non-vendor approach in Chapter 8, going over common commercial tools and frankly, making a complete and honest assessment of the strengths and weaknesses of each. Chapter 9 was unique, as far as digital forensics works. This chapter actually dealt with designing a practical forensic examination workstation! Having dealt with so many agencies and corporations that have small budgets and long procurement cycles, I have found it critical to have this discussion and a great addition to the book. Chapters 10 and 15 started getting into the meat, covering the major feature sets, architecture and methods used for each of the major OS's we find in the field. Lee points out what he calls "The Tip of the Iceberg" data, what I have always known as a network guy as "low hanging fruit" - the data I hit to do my first pass and get out the initial findings report. He then dives into the file systems and feature sets that can yield relevant artifacts in each OS. Chapter 16 was greatly appreciated, increasing my knowledge of what can and can be gleaned from IoT's, wearables and drones, covering both non-invasive and invasive techniques.
Especially enlightening was the limits on how much you can get from the devices themselves and the primary source of evidence being the cloud storage and accts. As fitting, the last chapter was on the proper format, tips and techniques to make a compelling findings report. Overall, a great read and a book that will be handy at my workstation... until he does the next edition! MJ
B**M
Essential for mobile device examinations
Like Lee’s first book, I find that I use this book a few times every week for my work. It’s consistently my best resource for non-vendor specific information. I have the hard copy for reading and the Kindle version to perform keyword searches to find answers quickly.
E**N
Awesome resource
Book is well written and easy to follow even for newcomers. This will be a reference for many in the field.
K**N
Excellent Mobile-Forensics Book for Beginners and Experts
BLUF: Buy the book, along with Lee's first book (if you don't have the first one already). The introduction is excellent, describing in detail the many varying aspects involved in mobile-device forensics including the types of data present on mobile devices, how mobile devices are similar to, or differ from, normal computers and the differences between mobile-device forensics and traditional computer forensics. He has done a good job of describing how newer device types, such as smarthome devices, wearables, and drones are affecting the forensic landscape, as well as how cloud storage impacts a mobile-device investigation. Chapters 5-8 cover collection, preparing, protecting and seizing digital-device evidence, as well as excellent coverage of the major mobile-device-forensics tools used commonly today, including Oxygen, Cellebrite, Magnet (IEF/Axiom), and XRY. I particularly like how he gives sufficient coverage to the multiple-tool approach, and making sure we validate and verify our results using various software tools, along with manual methods. In Chapter 8, an introduction is given to the different types of extractions, such as ISP, JTAG, and chipoff, as well as secondary tools that can be used to supplement the expensive automated software tools we buy. One of the chapters (Chapter 9) that I like the most, ironically, covers how to deal with preparation of the forensic computer system. He covers how OS, RAM, hard-disk type, external storage and such impact the capacity we have to process cases, describing what each aspect impacts which capability. Besides this, he shows how to locate and install device drivers for mobile devices, including URLs for the major mobile-device manufacturers. Troubleshooting, updating, and cleaning device drivers is also covered.
I suppose I like this chapter because it contains all the information that I wish every student in my classes already knew before they showed up to class. Chapters include how to perform collections on devices, SIM cards, feature phones, Windows phones, and BlackBerry phones. He acknowledges openly that Windows and BlackBerry OS phones are very rare these days, but... personally, I've done a few dozen of those this year alone, so... it's excellent information should you need it. Chapters 13-15 include advanced iOS, SQLite, and Android analysis, as well as a bit of the Python programming language. This is a brief, but excellent treatment of common files of forensic interest in iOS and Android, as well as a very good, if quick, description of the format of SQLite databases and methods for querying data from the same. Sample scripts in Python are given so that a reader could start to use Python to do some decoding and analysis. These chapters will be my most-used reference material. Note: if you want a great book about SQLite Forensics, grab Paul Sanderson's book. Chapter 16 contains very good information on wearables, smarthome devices, Apple Watches, drones, as well as the cloud services associated with those devices. Although it's not all-inclusive, it contains wide-ranging information that should set any investigator on a path to understanding how these devices store their data and methods to analyze it. The last chapter (Chapter 17) deals with the presentation/reporting of your findings in your report. It is obvious that Lee has ample experience in this area. Anyway, good chapter. In summary, this is definitely a book you want on your shelf, for both the beginning and experienced investigator.
B**S
A 'must-have' book if you do mobile forensics
Lee's book is PACKED with useful and practical information. I most appreciate the content of not just the technical aspects, but the investigative aspects. Lee's writing displays his prior law enforcement experience, which will benefit non-law enforcement examiners greatly as the forensic analysis is more than just the "tech" but also the "investigation". I recommend reading through the entire book first, taking as long as it takes, just to be familiar with all the information in it. Then, keep it on the nearest shelf to pull out as needed with your exams. Having written a book or two, I have a good idea of how much effort was put into this book, and this book shows a lot of work. I would also recommend this book for prep before taking any mobile forensic course as you will get so much more out of your course after being exposed to everything in this book. Well done Lee!
A**J
Nice information on mobile forensics
Good book