Mobile Forensics – The File Format Handbook: Common File Formats and File Systems Used in Mobile Devices

Mobile Forensics – The File Format Handbook: Common File Formats and File Systems Used in Mobile Devices

English | 2022 | ISBN: 978-3030984663 | 282 Pages | PDF | 33 MB

This open access book summarizes knowledge about several file systems and file formats commonly used in mobile devices. In addition to the fundamental description of the formats, there are hints about the forensic value of possible artefacts, along with an outline of tools that can decode the relevant data.

The book is organized into two distinct parts:

Part I describes several different file systems that are commonly used in mobile devices.

APFS is the file system that is used in all modern Apple devices including iPhones, iPads, and even Apple Computers, like the MacBook series.
Ext4 is very common in Android devices and is the successor of the Ext2 and Ext3 file systems that were commonly used on Linux-based computers.
The Flash-Friendly File System (F2FS) is a Linux system designed explicitly for NAND Flash memory, common in removable storage devices and mobile devices, which Samsung Electronics developed in 2012.
The QNX6 file system is present in Smartphones delivered by Blackberry (e.g. devices that are using Blackberry 10) and modern vehicle infotainment systems that use QNX as their operating system.

Part II describes five different file formats that are commonly used on mobile devices.

SQLite is nearly omnipresent in mobile devices with an overwhelming majority of all mobile applications storing their data in such databases.
The second leading file format in the mobile world are Property Lists, which are predominantly found on Apple devices.
Java Serialization is a popular technique for storing object states in the Java programming language. Mobile application (app) developers very often resort to this technique to make their application state persistent.
The Realm database format has emerged over recent years as a possible successor to the now ageing SQLite format and has begun to appear as part of some modern applications on mobile devices.
Protocol Buffers provide a format for taking compiled data and serializing it by turning it into bytes represented in decimal values, which is a technique commonly used in mobile devices.

The aim of this book is to act as a knowledge base and reference guide for digital forensic practitioners who need knowledge about a specific file system or file format. It is also hoped to provide useful insight and knowledge for students or other aspiring professionals who want to work within the field of digital forensics. The book is written with the assumption that the reader will have some existing knowledge and understanding about computers, mobile devices, file systems and file formats.

Homepage