±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 33492
New Yesterday: 5 Visitors: 198

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Manual/Automated collection of Iphone E-mails

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page Previous  1, 2 
  

Re: Manual/Automated collection of Iphone E-mails

Post Posted: Wed Feb 14, 2018 4:10 am

Looking to get an indication of the methods you guys are using in relation to the following:

Currently taking photos of the G-mail IMPORTANT Folder. At the end of it, there will be an estimated 9000 photos taken.

The next folder I am going to have to photograph is
G-mail ALL MAIL

My understanding of this folder is that it as a combination of the Sent emails as well as any received. And therefore I will be duplicating the folders I have already taken a photograph of.

What is your method where you work in such a situation?

Do you:
1)Explain the folder and do not take photographs.
or
2)Take photographs of every e-mail

Or is there an alternative method? I'm seeing an abundance of Iphones that do not have the E-mails extracted by the usual tools and most of my time is now taken up by photographing emails with zero value to the case.

Please help me for my own sanity as this tedium is a nightmare.

Thanks in Advance.  

MrMacca
Newbie
 
 
  

Re: Manual/Automated collection of Iphone E-mails

Post Posted: Wed Feb 14, 2018 6:23 am

I can only speak from a criminal perspective, but without a good technical solution we've really focused on pushing back on the case agents to provide us with narrower examination perimeters when they hand us mobile devices with thousands of e-mails that our tools can't touch. We've never allowed phones to sync to an e-mail server because who knows if the owner has performed a purge? There's also the concern that you've violated the search warrant by pulling data from outside its jurisdiction. My unhelpful tips:

-Ask for specific keywords and only photograph e-mails responsive to the hits.

-Extract e-mail address and account holder information and ask that they subpoena the e-mail provider.

-Sit down with the agent and the phone. He/she chooses which e-mails are relevant.

They aren't always pleased when you hand them a massive ZRT report or a huge, raw dump of photos full of Best Buy ads and vacation pictures so I'd also make it clear to them that narrowing your scope of work makes their job easier too.

(I believe you can also mirror the iPhone screen using QuickTime and a Mac if complete radio isolation is a must)  

nodecaf
Newbie
 
 

Page 2 of 2
Go to page Previous  1, 2