I'm reviewing a case where Subject A (supervisor) sent Subject B (employee) threatening job-related text messages. Subject A admits to sending Subject B text messages, but states the text messages were edited, and were not her exact words. Subject A was not willing to consent to a search of her text messages. All we have is Subject B's iPhone 3.


I have researched this matter and have located ways to access sms.db and edit/delete messages, but only when the phone has been jailbroken. Is it possible to edit messages w/o the phone be jailbroken?  

I can think of two things to test.

1. Backup phone, unpack backup and edit sms.db, restore phone.
2. iphone explorer may provide you access to write to the file system but im not sure

other than that, unless its jailbroken id imagine its harder to edit the texts. can you get the other phone used in the conversation?  

- randomaccess

2. iphone explorer may provide you access to write to the file system but im not sure

I'm pretty sure that unless the device has been jailbroken there is no way to mount the device and access this location using a file explorer.
_________________
Colin Mortimer
FishNet Security 

- randomaccess

I can think of two things to test.

1. Backup phone, unpack backup and edit sms.db, restore phone.
2. iphone explorer may provide you access to write to the file system but im not sure

other than that, unless its jailbroken id imagine its harder to edit the texts. can you get the other phone used in the conversation?

No - the other half is not willing to give up their cellular telephone (I wonder why??).

I guess my follow-up question would be, if extracted via Cellebrite, and the software version is iBoot-931.71.16, that would indicate it has not been jailbroken, correct? I've never come across a jailbroken file extraction.  

quickest way to tell is look for cydia on the phone.
other than that i havent had much to do with jailbreaking  

Don't rule out the simple option that the recipient of the threatening messages may have saved their own number under the senders name. They could then have written the messages to them self. The handset would present them in both an incoming and outgoing format. The person could then delete the duplications and it would look like a conversation with that named person.

Obviously I haven't seen the device so can't comment on what is there. Just thinking of ways someone might make it appear that they had received texts that they may have not. Given the attitude of the person who supposedly did the sending, it sounds fairly suspicious.  

- TomP

Don't rule out the simple option that the recipient of the threatening messages may have saved their own number under the senders name. They could then have written the messages to them self. The handset would present them in both an incoming and outgoing format. The person could then delete the duplications and it would look like a conversation with that named person.

Obviously I haven't seen the device so can't comment on what is there. Just thinking of ways someone might make it appear that they had received texts that they may have not. Given the attitude of the person who supposedly did the sending, it sounds fairly suspicious.

I've already confirmed the messages were sent from the suspect. The sent/received messages matched the times that AT&T had listed on their text log for the victim's phone number. Plus the suspect admitted to sending the messages, they are just stating that the messages had been edited after the message was received.