iPad2 Logical Acquisition: Automated or Manual Examination?

Due to their usage increase worldwide, iPads are on the path of becoming key sources of digital evidence in criminal investigations. This research investigated the logical backup acquisition and examination of the iPad2 device using the Apple iTunes backup utility while manually examining the backup data (manual examination) and automatically parsing the backup data (Lantern software - automated examination). The results indicate that a manual examination of the logical backup structure from iTunes reveals more digital evidence, especially if installed application data is required for an investigation. However, the researchers note that if a quick triage is needed of an iOS device, then automated tools provide a faster method for obtaining digital evidence from an iOS device. The results also illustrate that the file names in the backup folders have changed between iOS 3 and iOS 4. Lastly, the authors note the need for an extensible software framework for future automated logical iPad examination tools. Keywords: iPad, forensics, logical backup, iOS, manual examination

IPad2 Logical Acquisition: Automated or Manual Examination?

Due to their usage increase worldwide, iPads are on the path of becoming key sources of digital evidence in criminal investigations. This research investigated the logical backup acquisition and examination of the iPad2 device using the Apple iTunes backup utility while manually examining the backup data (manual examination) and automatically parsing the backup data (Lantern software-automated examination).The results indicate that a manual examination of the logical backup structure from iTunes reveals more digital evidence, especially if installed application data is required for an investigation. However, the researchers note that if a quick triage is needed of an iOS device, then automated tools provide a faster method for obtaining digital evidence from an iOS device. The results also illustrate that the file names in the backup folders have changed between iOS 3 and iOS 4. Lastly, the authors note the need for an extensible software framework for future automated logical iPad examination tools

Comparison of Forensic Acquisition and Analysis on an iPhone over an Android Mobile Through multiple forensic methods

Mobile phones are most widely used as mini laptops as well as personal digital devices one could have. The dependency on mobiles for every single person on every single aspect has increased day by day. Depending on the operating systems, storage capacity, user interface developed by various manufacturers, there are numerous mobile phones designed with diverse computing capabilities. Among all the distinct kinds of smart mobile devices that are available in the mobile market, iPhone became one of the most popularly used smart mobiles across the world due to its complex logical computing capabilities, striking touch interface, optimum screen resolutions. People started relying on iPhone by utilizing its functionalities including storing sensitive information, capturing pictures, making online payments by providing credentials. These factors made iPhone to be one of the best resources for the forensic department to retrieve and analyze sensitive information and provide supporting evidence. Thus, the rise of iPhone forensics took place where the data is retrieved and analyzed with the help of various iPhone forensic tool kits. The agenda of this paper is to give overview of iPhone forensics and mainly focuses on analysis done, and challenges faced while retrieving the sensitive information on iPhone by means of distinct forensic tools when compare to Android mobile device forensic

Conceptual evidence collection and analysis methodology for Android devices

Android devices continue to grow in popularity and capability meaning the need for a forensically sound evidence collection methodology for these devices also increases. This chapter proposes a methodology for evidence collection and analysis for Android devices that is, as far as practical, device agnostic. Android devices may contain a significant amount of evidential data that could be essential to a forensic practitioner in their investigations. However, the retrieval of this data requires that the practitioner understand and utilize techniques to analyze information collected from the device. The major contribution of this research is an in-depth evidence collection and analysis methodology for forensic practitioners.Comment: in Cloud Security Ecosystem (Syngress, an Imprint of Elsevier), 201

I Know What You Did Last Summer: Your Smart Home Internet of Things and Your iPhone Forensically Ratting You Out

The adoption of smart home Internet of Things (IoT) devices continues to grow. What if your devices can snitch on you and let us know where you are at any given point in time? In this work we examined the forensic artifacts produced by Nest devices, and in specific, we examined the logical backup structure of an iPhone used to control a Nest thermostat, Nest Indoor Camera and a Nest Outdoor Camera. We also integrated the Google Home Mini as another method of controlling the studied Smart Home devices. Our work is the primary account for the examination of Nest artifacts produced by an iPhone, and is also the first open source research to produce a usable forensics tool we name the Forensic Evidence Acquisition and Analysis System (FEAAS). FEAAS consolidates evidentiary data into a readable report that can infer user events (like entering or leaving a home) and what triggered an event (whether it was the Google Assistant through a voice command, or the use of an iPhone application). Our results are important for the advancement of digital forensics, as there are cases starting to emerge in which smart home IoT devices have already been used as culpatory evidence

The Proceedings of 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia

Conference Foreword This is the fifth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see a quality papers with a number from local and international authors. 11 papers were submitted and following a double blind peer review process, 8 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, and I would like to take this opportunity to thank the conference committee for their tireless efforts in this regard. These efforts have included but not been limited to the reviewing and editing of the conference papers, and helping with the planning, organisation and execution of the conference. Particular thanks go to those international reviewers who took the time to review papers for the conference, irrespective of the fact that they are unable to attend this year. To our sponsors and supporters a vote of thanks for both the financial and moral support provided to the conference. Finally, to the student volunteers and staff of the ECU Security Research Institute, your efforts as always are appreciated and invaluable. Yours sincerely, Conference Chair Professor Craig Valli Director, Security Research Institut