iphone forensics book


calimelo
Senior Member
 

iphone forensics book

Post Posted: Nov 27, 08 19:41

Hi all,

I recently read the book "iPhone Forensics" by Mr. Zdziarski. In his book he mentions a method for the investigation which includes "jailbreaking" by using a custom payload and integrating it in the operating system. I also watched the webcast on YouTube.

The iPhone has two partitions, one is a system partition and the other is used for user files such as pictures and media. Commercial software offers recovery from the latter. In his book Mr. Zdziarski manipulates the operating system (installs SSH, BSD, netcat etc.) and images both partitions using dd piped with netcat over a wireless connection.

Do you think it's forensically sound? I mean we don't install software on XP to get a forensic image. We even question live forensics. Isn't this method a little bit questionable?

Regards

cal
_________________
"Simplicity is the ultimate sophistication." 
 
  

trewmte
Senior Member
 

Re: iphone forensics book

Post Posted: Nov 28, 08 01:15

Calimelo
What justification does the author of the book give for installing an agent onto the iPhone:

1) is it because of necessity, perhaps a suggestion of recovering deleted data or system info etc not accessible by the user?
or
2) because it is easier to get another device to suck off all the data as it saves time rather than conducting a manual examination where no agent is loaded and the examiner uses a video or photographs to demonstrate what is on the phone?
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

calimelo
Senior Member
 

Re: iphone forensics book

Post Posted: Nov 28, 08 10:33

trewmte,

It's mainly for accessing system folders and recovering deleted files.
This payload makes it possible to access "jailed" files.

Since iPhone forensics is a relatively new area, and we have an iPhone case at the moment, I am researching every option.

I installed MacFUSE, which allows mounting the iPhone as a disk but not as HFS+, as a MacFUSE filesystem. But accessing the root partition requires openbsd, ssh and afp. I experimented with installing these on my personal phone and was able to acquire an image using dd.

Investigating an iPhone is not usual mobile phone analysis; it has a 16GB solid state disk and a compact edition of Mac OS X Leopard. In the book there is also a part that describes the process to remove the automatic keylock password.

I think I'll try to find a forensic solid state disk reader.

Regards

cal
_________________
"Simplicity is the ultimate sophistication." 
 
  

jmech
Member
 

Re: iphone forensics book

Post Posted: Nov 28, 08 14:35

Check out www.sixthlegion.com

They make a software product called "WOLF" that is designed specifically for iPhone forensics. You have to use a Mac for your analysis machine, but it does not jailbreak the phone.

I have not used this software, but am aware of it as an option.

Joe  
 
  

MacForensics
Newbie
 

Re: iphone forensics book

Post Posted: Jan 15, 09 18:22

MacLockPick can be used to acquire the information from an iPhone without the need to jailbreak the suspect's iPhone. It's cross-platform and works on both Mac and Windows machines. It also offers a large number of other abilities, such as acquiring forensic data from a suspect machine.
 
