The Association of Digital Forensics, Security and Law (ADFSL)
Apple’s™ iPhone™ is one of the widest selling mobile on the market, thanks to its simple and user-friendly interface and ever growing pool of available high quality applications for both personal and business use. The increasing use of the iPhone leads forensics practitioners towards the need for tools to access and analyze the information stored in the device. This research aims at describing the process to forensically analyze a logical backup of an iPhone made by the Apple iTunes™ utility, understanding the backup’s structure, and creating a simple tool to automate the process of decoding and analyzing the data. In our research of the iPhone backup we identified data of forensic value such as e-mail messages, text and multimedia messages, calendar events, browsing history, GPRS locations, contacts, call history and voicemail recordings can be retrieved using this method of iPhone acquisition.
 Mona Bader and Ibrahim Baggili. iPhone 3GS Forensics: Logical analysis using Apple iTunes Backup Utility. Small Scale Digital Device Forensics Journal, 4(1), September 2010.
 Understanding file permissions on Unix: a brief tutorial. URL http://www.dartmouth.edu/ rc/help/faq/permissions.html. Retrieved February, 2011.
 MBDB and MBDX Format. URL http://code.google.com/p/iphonebackupbrowser/wiki/Mbdb MbdxFormat. Retrieved February, 2011.
 SQLite Wikipedia article. URL http://en.wikipedia.org/wiki/SQLite. Retrieved February, 2011.
 Plist Wikipedia article. URL http://en.wikipedia.org/wiki/Property\s\do5(l)ist. Retrieved February, 2011.
 Mac OS X Reference Library: Keychain Services Concepts, a. URL http://developer.apple.com/library/mac/#documentation/ Security /Conceptual/keychainServConcepts/02concepts/concepts.h tml. Retrieved February, 2011.
 Peeking Inside Keychain Secrets, b. URL http://blog.crackpassword.com/2010/08/peeking-insidekeychain-secrets/. Blog post retrieved February, 2011.
 Cracking Blackberry Backup Passwords. URL http://blog.crackpassword.com/2010/09/.
 Exchangeable image file format for digital still cameras: Exif version 2.2. Technical report, Japan Electronics and Information Technology Industries Association - Technical Standardization Committee on AV & IT Storage Systems and Equipment, April 2002. Retrieved March, 2011, from http://exif.org/Exif2- 2.PDF.
 Cfdate reference on mac os x developer library. URL http://developer.apple.com/library/mac/documentation/C oreFoundation/Reference/CFDateRef/Reference/reference. html. Retrieved on March, 2011.
Piccinelli, Mario and Gubian, Paolo
"Exploring the iPhone Backup Made by iTunes,"
Journal of Digital Forensics, Security and Law: Vol. 6
, Article 4.
Available at: http://commons.erau.edu/jdfsl/vol6/iss3/4