Proposal / Submission Type
Peer Reviewed Paper
Location
Richmond, Virginia
Start Date
27-5-2011 10:45 AM
Abstract
The ability to recover forensic artifacts from mobile devices is proving to be an ever-increasing challenge for investigators. Coupling this with the ubiquity of mobile devices and the increasing complexity and processing power they contain results in a reliance on them by suspects. In investigating Apple’s iOS devices -- namely the iPhone and iPad -- an investigator’s challenges are increased due to the closed nature of the platforms. What is left is an extremely powerful and complex mobile tool that is inexpensive, small, and can be used in suspect activities. Little is known about the internal data structures of the device or the proper method of extracting forensically sound images of them. This article will discuss the current state of iOS mobile device forensics. It examines what data is contained on the devices as well as what can currently be extracted from a suspect device. Jailbreaking an iOS device will be evaluated against its pros and cons, along with current professional and open-source tools. Finally, a discourse on our continuing research into deleted file recovery and future work is presented.
Keywords: Digital Forensics, iOS, iPhone, iPad, Mobile Devices, Security, Analysis, Tools
Scholarly Commons Citation
Barrios, Rita M. and Lehrfeld, Michael R., "Ios Mobile Device Forensics: Initial Analysis" (2011). Annual ADFSL Conference on Digital Forensics, Security and Law. 4.
https://commons.erau.edu/adfsl/2011/friday/4
Included in
Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons