Forensic imaging and analysis of Apple iOS devices

In this thesis we present our research on digital forensics on the iOS platform, structured along three areas: forensic imaging; forensic analysis; and anti-forensic techniques. In the field of forensic imaging, we demonstrate that the iPad can control external storage devices attached via USB, using Apple's Camera Connection Kit adapters. This results in a 30x speed boost compared to the traditional Wi-Fi transfer. In terms of forensic analysis, we found that printing documents wirelessly via AirPrint leaves a trace in the device that, when recovered, reveals the full contents of the documents that have been printed. Finally, in terms of anti-forensics, we created a proof-of-concept tool that disables a number of system services used by forensic tools to retrieve data. The tool also applies other hardening measures aimed at preventing the abuse of the services that remain activated.Esta tesis presenta nuestra investigación sobre informática forense en la plataforma iOS, estructurada en tres áreas: adquisición forense; análisis forense; y técnicas anti-forenses. En el campo de adquisición forense, demostramos que el iPad puede controlar dispositivos externos de almacenamiento conectados vía USB, usando los adaptadores del Apple Camera Connection Kit. Esto supone una velocidad de transferencia 30 veces superior a la transferencia vía Wi-Fi. En cuanto al análisis forense, observamos que la impresión inalámbrica de documentos vía AirPrint deja un rastro en el dispositivo que, al ser recuperado, revela el contenido completo de los documentos que hayan sido impresos. Por último, en el ámbito de técnicas anti-forenses implementamos una herramienta como prueba de concepto que deshabilita determinados servicios del sistema usados por las herramientas forenses para extraer datos del dispositivo. La herramienta también aplica otras medidas de seguridad para prevenir la explotación de los servicios que continúen activados.Aquesta tesi presenta la nostra investigació sobre informàtica forense a la plataforma iOS, estructurada en tres àrees: adquisició forense; anàlisi forense; i tècniques antiforenses. En el camp d'adquisició forense, demostrem que l'iPad pot controlar dispositius externs d'emmagatzematge connectats via USB, usant els adaptadors de l'Apple Camera Connection Kit. Això suposa una velocitat de transferència 30 vegades superior a la transferència via Wi-Fi. Pel que fa a l'anàlisi forense, observem que la impressió sense fil de documents a partir d'AirPrint deixa un rastre al dispositiu que, en ser recuperat, revela el contingut complet dels documents que hagin estat impresos. Finalment, en l'àmbit de tècniques antiforenses implementem una eina com a prova de concepte que deshabilita determinats serveis del sistema usats per les eines forenses per a extreure dades del dispositiu. L'eina també aplica altres mesures de seguretat per a prevenir l'explotació dels serveis que continuïn activats.Tecnologías de la información y de rede

Overcoming Forensic Implications with Enhancing Security in iOS

As the decades passed, smartphones have come to their greatest inventions. But their history has more than 2500 years starting from a basic thing of strings and beads, i.e. from the Abacus to the latest of our present iPhone. With every special invention in this area brought people together socially over the internet. This, in turn, raised the alarm for having secured communication. With these devices getting popular, development in the technology to enhance the security features in those devices has also been increasing. These advancements have brought Apple operating system (IOS) into light. These devices are one step ahead of all other smartphones regarding storage by having space for storing emails, GPS data and many more. This feature of storage has a major advantage in conducting forensics for investigation purposes. In this research, I performed data acquisition on iPhones with two different OS versions using various forensic tools and then compare the forensic implications with variant security features. I analyzed the forensic implications with enhancements in security and iPhone operating systems over the years. I also used to software to break the iPhone passcode which is the major forensic implication caused

VISION: a video and image dataset for source identification

Abstract Forensic research community keeps proposing new techniques to analyze digital images and videos. However, the performance of proposed tools are usually tested on data that are far from reality in terms of resolution, source device, and processing history. Remarkably, in the latest years, portable devices became the preferred means to capture images and videos, and contents are commonly shared through social media platforms (SMPs, for example, Facebook, YouTube, etc.). These facts pose new challenges to the forensic community: for example, most modern cameras feature digital stabilization, that is proved to severely hinder the performance of video source identification technologies; moreover, the strong re-compression enforced by SMPs during upload threatens the reliability of multimedia forensic tools. On the other hand, portable devices capture both images and videos with the same sensor, opening new forensic opportunities. The goal of this paper is to propose the VISION dataset as a contribution to the development of multimedia forensics. The VISION dataset is currently composed by 34,427 images and 1914 videos, both in the native format and in their social version (Facebook, YouTube, and WhatsApp are considered), from 35 portable devices of 11 major brands. VISION can be exploited as benchmark for the exhaustive evaluation of several image and video forensic tools

Comparison of Forensic Acquisition and Analysis on an iPhone over an Android Mobile Through multiple forensic methods

Mobile phones are most widely used as mini laptops as well as personal digital devices one could have. The dependency on mobiles for every single person on every single aspect has increased day by day. Depending on the operating systems, storage capacity, user interface developed by various manufacturers, there are numerous mobile phones designed with diverse computing capabilities. Among all the distinct kinds of smart mobile devices that are available in the mobile market, iPhone became one of the most popularly used smart mobiles across the world due to its complex logical computing capabilities, striking touch interface, optimum screen resolutions. People started relying on iPhone by utilizing its functionalities including storing sensitive information, capturing pictures, making online payments by providing credentials. These factors made iPhone to be one of the best resources for the forensic department to retrieve and analyze sensitive information and provide supporting evidence. Thus, the rise of iPhone forensics took place where the data is retrieved and analyzed with the help of various iPhone forensic tool kits. The agenda of this paper is to give overview of iPhone forensics and mainly focuses on analysis done, and challenges faced while retrieving the sensitive information on iPhone by means of distinct forensic tools when compare to Android mobile device forensic

Facilitating Forensics in the Mobile Millennium through Proactive Enterprise Security

This work explores the impact of the emerging mobile communication device paradigm on the security-conscious enterprise, with regard to providing insights for proactive Information Assurance and facilitation of eventual Forensic analysis. Attention is given to technology evolution in the areas of best practices, attack vectors, software and hardware performance, access and activity monitoring, and architectural models. Keywords: Forensics, enterprise security, mobile communication, best practices, attack vectors

Evaluation and Identification of Authentic Smartphone Data

Mobile technology continues to evolve in the 21st century, providing end-users with mobile devices that support improved capabilities and advance functionality. This ever-improving technology allows smartphone platforms, such as Google Android and Apple iOS, to become prominent and popular among end-users. The reliance on and ubiquitous use of smartphones render these devices rich sources of digital data. This data becomes increasingly important when smartphones form part of regulatory matters, security incidents, criminal or civil cases. Digital data is, however, susceptible to change and can be altered intentionally or accidentally by end-users or installed applications. It becomes, therefore, essential to evaluate the authenticity of data residing on smartphones before submitting the data as potential digital evidence. This thesis focuses on digital data found on smartphones that have been created by smartphone applications and the techniques that can be used to evaluate and identify authentic data. Identification of authentic smartphone data necessitates a better understanding of the smartphone, the related smartphone applications and the environment in which the smartphone operates. Derived from the conducted research and gathered knowledge are the requirements for authentic smartphone data. These requirements are captured in the smartphone data evaluation model to assist digital forensic professionals with the assessment of smartphone data. The smartphone data evaluation model, however, only stipulates how to evaluate the smartphone data and not what the outcome of the evaluation is. Therefore, a classification model is constructed using the identified requirements and the smartphone data evaluation model. The classification model presents a formal classification of the evaluated smartphone data, which is an ordered pair of values. The first value represents the grade of the authenticity of the data and the second value describes the completeness of the evaluation. Collectively, these models form the basis for the developed SADAC tool, a proof of concept digital forensic tool that assists with the evaluation and classification of smartphone data. To conclude, the evaluation and classification models are assessed to determine the effectiveness and efficiency of the models to evaluate and identify authentic smartphone data. The assessment involved two attack scenarios to manipulate smartphone data and the subsequent evaluation of the effects of these attack scenarios using the SADAC tool. The results produced by evaluating the smartphone data associated with each attack scenario confirmed the classification of the authenticity of smartphone data is feasible. Digital forensic professionals can use the provided models and developed SADAC tool to evaluate and identify authentic smartphone data. The outcome of this thesis provides a scientific and strategic approach for evaluating and identifying authentic smartphone data, offering needed assistance to digital forensic professionals. This research also adds to the field of digital forensics by providing insights into smartphone forensics, architectural components of smartphone applications and the nature of authentic smartphone data.Thesis (PhD)--University of Pretoria, 2019.Computer SciencePhDUnrestricte

LYNN - 2017 Annual Edition

Main Stories: Academics The 2012 presidential debate Campus enhancements Enrollment strideshttps://spiral.lynn.edu/lynnmag/1017/thumbnail.jp