Mobile Forensics

Backup

Last updated 3 years ago

Although it shouldn't happen under normal circumstances, some tools that perform aggressive checks might cause instability and crashes, particularly on older or cluttered systems. You should be prepared for this eventuality. Also, if you find the device to be infected, you might want to keep it in safe custody, while the owner will want to recover some data from it.

It is advisable that, before proceeding with the inspection, you make sure the owner is aware of any risk of data loss and that all steps have been taken to preserve at the very least the most critical files. Of course, a full and secure backup of the system is much preferable, but circumstances and time do not always allow for that.

Along with a USB drive with the collection of tools you might need for the inspection, you should consider always carrying an extra drive with you (perhaps with VeraCrypt or any other file encryption utility you prefer) to be used in case you need to preserve some files from the device.