Hey Everyone,
I'm looking for a recommendation on a book about iPhone Forensics. The one book that i've seen recommended numerous times is iPhone Forensics written by JZ and published by O'Reilly Media. The only problem is this book was published in 2008…
The phone i'm working on is
iPhone 3GS
32 GB
iOS 4.0 +
I'd like to make an image and be able to analize that until Paraben releases the update for Device Seizure this/next week. Does anyone have a more updated book they can recommend.
Thanks!
I haven't seen any books that cover anything past what ZJ has recommended from his iphoneinsecurity website. If you have a Cellebrite UFED Physical Pro you can get a file system dump from the phone but I'm not sure if any of the other tools have caught up to iOS 4.0+
The update changed a few things in the file system, but nothing super drastic. I've already analyzed a handful of these phones running iOS 4 and higher, so if I can be of any help, send me a PM.
Sadly there is no way (that I am aware of) currently take a disk image from an iPhone running iOS4.
As is always the case the hardware and software moves too fast for books to keep up.
If you wanted a free read then ViaForensics published a good white paper on iPhone analysis last year. It compares different tools and what they were able to recover
http//
To echo cScottVance, if you have any questions then feel free to PM me.
Hello,
usually I do not "sponsor" software solutions but … you can take a look at Lantern (http//katanaforensics.com) … may be that this can help.
NOTE this software is only for Mac OS X 10.6.x
Regards
Danilo
Agree with Danilo on Katana - been using the testing the trial in anticipation of purchase. Also BlackBag has software for iPhone examinations.
It's ok to recco a product if even if it is just pointing someone in the right direction to know what is out there. Its still up to them to test and verify the software.
Have you checked out Jonathan Zdziarski's second edition book? I do not have it at hand (it is at work) so I am not sure if it is the 2008 one. JZ has released some tools that are listed under his "experimental" that should work on iOS4 in Linux (released in the past week or so).
I just finished updating all of my JZ Automated tools and have yet to try them, so I am not too sure if they work or not. I will be trying them here in the next week on a few phones. Once I test/use them on these phones, I will post the results of them working or not.
Did he decide to make the tool available for everyone or is it still LE only.
I get a big kick of people who come from the UG and write things for LE only.
None of my money is going to anything LE only, make products for everyone to use, make tools which can show prosecution, defense, military, etc. what the data is so that the guilty can be caught and the innocent can have access to the same tools which could prosecute them.
Have you checked out Jonathan Zdziarski's second edition book? I do not have it at hand (it is at work) so I am not sure if it is the 2008 one. JZ has released some tools that are listed under his "experimental" that should work on iOS4 in Linux (released in the past week or so).
I just finished updating all of my JZ Automated tools and have yet to try them, so I am not too sure if they work or not. I will be trying them here in the next week on a few phones. Once I test/use them on these phones, I will post the results of them working or not.
I have not seen his new book, please let me know the name of it, i'd like to pick it up. Also i'd like to obtain his tools but unfortunatly i have not been granted access to the iphoneinsecurity.com portal as of yet.
Did he decide to make the tool available for everyone or is it still LE only.
I get a big kick of people who come from the UG and write things for LE only.
None of my money is going to anything LE only, make products for everyone to use, make tools which can show prosecution, defense, military, etc. what the data is so that the guilty can be caught and the innocent can have access to the same tools which could prosecute them.
No the tool is still LE only which really stinks. I recently reached out to him and offered to buy his tools, or just some consulting time from him and didnt even receive an email back… (
There are other ways, his isn't the only one.
Just remember about his LE only stuff and don't support people who do things like that. Support those who help support you.
Did he decide to make the tool available for everyone or is it still LE only.
I get a big kick of people who come from the UG and write things for LE only.
None of my money is going to anything LE only, make products for everyone to use, make tools which can show prosecution, defense, military, etc. what the data is so that the guilty can be caught and the innocent can have access to the same tools which could prosecute them.No the tool is still LE only which really stinks. I recently reached out to him and offered to buy his tools, or just some consulting time from him and didnt even receive an email back… (