
2010 | Book

iOS Forensic Analysis for iPhone, iPad, and iPod touch


About this book

iOS Forensic Analysis provides an in-depth look at investigative processes for the iPhone, iPod Touch, and iPad devices. The methods and procedures outlined in the book can be taken into any courtroom. With never-before-published iOS information and data sets that are new and evolving, this book gives the examiner and investigator the knowledge to complete a full device examination that will be credible and accepted in the forensic community.

Table of contents

Frontmatter
Chapter 1. History of Apple Mobile Devices
Abstract
Before we delve into artifacts and analysis, let’s take a look at the history of Apple’s mobile devices. Apple had a history of trials and failures until the release of the iPhone, which is the phone that actually changed the mobile phone game. For instance, in 1988, Apple started the development of the Newton (see Figure 1-1), an early version of a PDA tablet. The first Newton product was the MessagePad 100, released in August 1993, and the last was the MessagePad 2100, released in November 1997. The Newton line of products was subsequently killed upon the return of Steve Jobs to Apple in 1997.
Sean Morrissey
Chapter 2. iOS Operating and File System Analysis
Abstract
In Chapter 1, we discussed the evolution of devices; in this chapter, we’ll look at changes in the operating system (OS) and the addition of the App Store to the iOS environment, and then we’ll delve into the details of the iDevice file system in order to provide context for investigations.
Sean Morrissey
Chapter 3. Search, Seizure, and Incident Response
Abstract
Imagine for a moment that an officer has stopped your vehicle and detained you for speeding. The officer approaches your car, walks around your vehicle, and, after speaking with you, requests to search your iPhone. What do you do? Do you have the right to say no? The Constitution—specifically the Fourth Amendment—offers protection from unreasonable search and seizure. Does the Constitution protect you from unlawful search and seizure of your iPhone? This question may seem easy to answer, but it actually depends on the circumstances and events that are occurring.
Sean Morrissey
Chapter 4. iPhone Logical Acquisition
Abstract
One of the functions of the iPhone and iTunes is the ability to back up information in case of a catastrophic failure or to bring the phone to factory settings without losing any previous information. This is done using iDevice Backup in iTunes. There are GUI and command-line tools that can assist in analyzing the data retrieved from the device, and there are even free tools to acquire and analyze the logical data. You can use a combination of tools to assist you in many investigations.
Sean Morrissey
Chapter 5. Logical Data Analysis
Abstract
Apple’s mobile devices can contain a huge amount of data. There is telephony-type data such as call logs, address books, and text messages. There is data from third-party applications that could be a subset of the 300,000+ apps that are on the App Store. In addition, with the iPad and iWorks, document editing and storage are now possible, and all this data can interact with other applications. Apple devices do more than ever before. People can create data with phones as well; for example, iMovie, iWorks, and many other applications allow users to communicate in different mediums. As with all things that are beneficial for society, these tools can also be used for criminal activity. Therefore, it is incumbent on investigators to look at all the data and know how it was placed onto the phone. This chapter will show how to set up a forensic workstation and comb through iPhone directories and artifacts.
Sean Morrissey
Chapter 6. Mac and Windows Artifacts
Abstract
In this book, we’ve put a lot of emphasis on the iPhone and not a lot on the data that could be left behind on a Mac or Windows computer. Most investigators forget to grab any Mac or Windows computers or to specify within their search warrants that important data is on the desktops; these computers can hold historical data and passcode-bypass certificates. Not everyone syncs their iPod touch or iPhone as often as in the past, because more and more information can be added to these devices without ever syncing with a desktop computer. However, when Apple releases a new update, it is necessary to connect the device to a computer to update it. During the update process, and without user intervention, iTunes automatically creates a backup of the device prior to installing the new firmware. So, on both Mac and Windows computers, there will be historical data left behind.
Sean Morrissey
Chapter 7. GPS Analysis
Abstract
The Global Positioning System (GPS) was first created and utilized by the U.S. Department of Defense and consisted of 24 geosynchronous satellites. This, coupled with a GPS-enabled device, allowed an individual or weapon system to receive a value that would fix its location. These values were broken into latitudinal and longitudinal numbers and further delineated into degrees, minutes, and seconds. As we discussed in Chapter 1, the iPhone 3G brought GPS to the iPhone. GPS on the iPhone 3G was really Assisted GPS, meaning that radio tower triangulation was first utilized to ascertain the location of the device, and then the GPS receiver would more accurately point to where the device was located. Therefore, with the iPhone 3G, the accuracy of this device was not very good. With firmware updates, though, the accuracy improved. The iPhone 3GS was a marked improvement in the accuracy of the device. In this chapter, we will discuss the artifacts located on an iDevice in reference to GPS.
Sean Morrissey
Chapter 8. Media Exploitation
Abstract
In previous chapters, we discussed how to obtain logical data and analyze the acquired data. The iDevice (iPhone, iPod Touch, iPad) was developed by Apple in such a way that the system is jailed (or closed), which, in UNIX terms, gives the ability to create a partitioned operating system. On iDevices, the operating system partition is read-only, and this makes the device a jailed system. This, coupled with the root model found in Unix systems, provides for a secure system. In this situation, the iDevice’s mobile user has defined and limited access to certain areas of iOS. Since the first iPhone came out, some people have taken it upon themselves to develop methods to break that jailed system, which has led to the development of numerous unsupported versions of iOS and jailbreaks. Law enforcement agencies then demanded that they get access to the physical device, as traditional methods of forensics began to fade away in the wake of the iPhone. Numerous arguments arose in areas from digital rights management, to copyright violations, to poor decisions being handed down by Apple. This chapter will discuss relevant case law, as well as procedures and tools to exploit iDevices.
Sean Morrissey
Chapter 9. Media Exploitation Analysis
Abstract
The Mac is the best platform on which to conduct any examination of OS X and iOS volumes. Although some Windows tools are getting better, there is no substitute for a Mac, which can view file types that Windows can’t discern. Inherently, Windows can’t read HFS volumes and often requires third-party applications to mount and then view the data.
Sean Morrissey
Chapter 10. Network Analysis
Abstract
Looking at how the fabric of human communication is changing, one of the most significant factors is mobile communication. Whether for personal or commercial application, the ability for someone to stay connected has never been easier. As humans continue to become more reliant on mobile devices, the amount of information that can be gathered about the user continues to grow. Therefore, the ability of forensic analysts to extract and make sense of the data on mobile devices becomes immensely important. This is compounded by the ability of modern computing to house larger and larger amounts of data as time passes.
Sean Morrissey
Backmatter
Metadata
Title
iOS Forensic Analysis for iPhone, iPad, and iPod touch
Written by
Sean Morrissey
Copyright year
2010
Publisher
Apress
Electronic ISBN
978-1-4302-3343-5
Print ISBN
978-1-4302-3342-8
DOI
https://doi.org/10.1007/978-1-4302-3343-5