Checklists and Walkthroughs

Checklists

Peer Review

Peer Review for Mobile Forensics Checklist

Peer Review Checklist for Mobile Forensics written by Ricky Johnson and Jessica Hyde with Peer Review from Trevor Holt and Alexis Brignoni.

Walkthroughs

ALEAPP

Walkthrough on how to use the Android mobile forensic analysis tool, ALEAPP. ALEAPP by Alexis Brignoni can be downloaded at https://github.com/abrignoni/ALEAPP

Andriller

This video demonstrates how to use Andriller to parse results from an Android Mobile Forensics extraction. Andriller can be downloaded from https://github.com/den4uk/andriller

Autopsy

This video shows you how to load an Android Mobile Forensics Image into Autopsy for processing. This tool is available at https://www.autopsy.com/download/

iLEAPP

Walkthrough on how to use the iOS mobile forensic analysis tool, iLEAPP. iLEAPP by Alexis Brignoni can be downloaded at https://github.com/abrignoni/iLEAPP

FQLite

Demonstration of using FQLite to look at a SQLite database. FQLite offers data recovery and WAL file analysis features and is available at https://www.staff.hs-mittweida.de/~pawlaszc/fqlite/

HxD

This video shows the basic use of reviewing data in HxD Hex Editor. The tool is available at https://mh-nexus.de/en/hxd/

MBox Viewer

Demonstration of how to use MBox Viewer to view emails from a Google Takeout. MBox Viewer is available at https://sourceforge.net/projects/mbox-viewer/

NTFS Case Sensitivity

Walkthrough on how to set Case Sensitivity on a folder of an NTFS drive. This is important when dealing with iOS forensic images on NTFS drives on Windows computers, as APFS is case sensitive. Check out Troy Schnack’s blog to learn more.

Python 3

This video shows how to install Python and perform a pip upgrade in order to be able to use tools like ALEAPP, iLEAPP, Andriller and more for Mobile Forensics. Python 3 can be downloaded at https://www.python.org/downloads/

RLEAPP

This video shows how to use the RLEAPP tool from Alexis Brignoni to process a Google Takeout. This method can be used to process other self-archives or warrant return data for supported formats. RLEAPP is available here: https://github.com/abrignoni/RLEAPP

SQLite Browser

This video shows the basic use of reviewing data in SQLite Browser, also known as DB Browser for SQLite. The tool is available at https://sqlitebrowser.org/

SQLite Walker

This video shows how to use SQLite Walker by Kevin Pagano to find SQLite databases in an image. The tool download can be found here: https://github.com/stark4n6/SQLiteWalker

7-zip

This document shows how to use 7-zip to unarchive some image files to work with them in other tools.