Exploring the iPhone Backup Made by iTunes

The iPhone mobile from Apple Inc. is one of the most notable phones on the market thanks to its simple and user-friendly interface and ever growing pool of available high quality applications for both personal and business use. The increasing use of iPhone mobiles leads forensics practitioners towards the need for tools to access and analyze the information stored in the device. This research aims at describing how to forensically analyze a logical backup of an iPhone made by the Apple iTunes utility, understanding its structure and creating a simple tool to automate the process of decoding and analyzing the data. It was found that significant data of forensic value such as e-mail messages, text and multimedia messages, calendar events, browsing history, GPRS locations, contacts, call history and voicemail recordings can be retrieved using this method of iPhone acquisition

Comparison of Forensic Analysis Results Obtained by Various Types of Acquisitions

Smartphones have become an essential commodity for people all around the world. Literally, almost every person in the world is migrating towards smartphones. It has become a trend because it has almost the same computing power as a computer and the major advantage is that it is portable. All the tasks a computer can do can be done by a smartphone and that is what people like about it. The most popular smartphone in the world is the “Apple iPhone”. Because of its features and specifications many people in the world use it for various purposes. The iPhone is used by various groups of individuals such as students, faculty, business man, factory workers etc. Because of its large group of users, there might be chances that it can be used for false purposes too. So, there has been a rise in the new scope of the subject known as “iPhone forensics”. This involves analysis of the user’s data from backup such as retrieving messages, photos, keystrokes, notes, browser’s cache etc. There have been several methods which used for retrieving the user’s data. All these applications were developed by several organizations worldwide. They can be either free versions which are open source or available to buy. This paper briefly discusses all the aspects starting from what an iPhone is to how forensics can be done on an iPhone. It mainly deals with the methods of how data is retrieved using different forensic tools and how the retrieved data is analyzed. After performing various analysis, we see that the logical acquisition is much better than other approaches as it yields better results and we see it from our experiments performed

Overcoming Forensic Implications with Enhancing Security in iOS

As the decades passed, smartphones have come to their greatest inventions. But their history has more than 2500 years starting from a basic thing of strings and beads, i.e. from the Abacus to the latest of our present iPhone. With every special invention in this area brought people together socially over the internet. This, in turn, raised the alarm for having secured communication. With these devices getting popular, development in the technology to enhance the security features in those devices has also been increasing. These advancements have brought Apple operating system (IOS) into light. These devices are one step ahead of all other smartphones regarding storage by having space for storing emails, GPS data and many more. This feature of storage has a major advantage in conducting forensics for investigation purposes. In this research, I performed data acquisition on iPhones with two different OS versions using various forensic tools and then compare the forensic implications with variant security features. I analyzed the forensic implications with enhancements in security and iPhone operating systems over the years. I also used to software to break the iPhone passcode which is the major forensic implication caused

Forensic imaging and analysis of Apple iOS devices

In this thesis we present our research on digital forensics on the iOS platform, structured along three areas: forensic imaging; forensic analysis; and anti-forensic techniques. In the field of forensic imaging, we demonstrate that the iPad can control external storage devices attached via USB, using Apple's Camera Connection Kit adapters. This results in a 30x speed boost compared to the traditional Wi-Fi transfer. In terms of forensic analysis, we found that printing documents wirelessly via AirPrint leaves a trace in the device that, when recovered, reveals the full contents of the documents that have been printed. Finally, in terms of anti-forensics, we created a proof-of-concept tool that disables a number of system services used by forensic tools to retrieve data. The tool also applies other hardening measures aimed at preventing the abuse of the services that remain activated.Esta tesis presenta nuestra investigación sobre informática forense en la plataforma iOS, estructurada en tres áreas: adquisición forense; análisis forense; y técnicas anti-forenses. En el campo de adquisición forense, demostramos que el iPad puede controlar dispositivos externos de almacenamiento conectados vía USB, usando los adaptadores del Apple Camera Connection Kit. Esto supone una velocidad de transferencia 30 veces superior a la transferencia vía Wi-Fi. En cuanto al análisis forense, observamos que la impresión inalámbrica de documentos vía AirPrint deja un rastro en el dispositivo que, al ser recuperado, revela el contenido completo de los documentos que hayan sido impresos. Por último, en el ámbito de técnicas anti-forenses implementamos una herramienta como prueba de concepto que deshabilita determinados servicios del sistema usados por las herramientas forenses para extraer datos del dispositivo. La herramienta también aplica otras medidas de seguridad para prevenir la explotación de los servicios que continúen activados.Aquesta tesi presenta la nostra investigació sobre informàtica forense a la plataforma iOS, estructurada en tres àrees: adquisició forense; anàlisi forense; i tècniques antiforenses. En el camp d'adquisició forense, demostrem que l'iPad pot controlar dispositius externs d'emmagatzematge connectats via USB, usant els adaptadors de l'Apple Camera Connection Kit. Això suposa una velocitat de transferència 30 vegades superior a la transferència via Wi-Fi. Pel que fa a l'anàlisi forense, observem que la impressió sense fil de documents a partir d'AirPrint deixa un rastre al dispositiu que, en ser recuperat, revela el contingut complet dels documents que hagin estat impresos. Finalment, en l'àmbit de tècniques antiforenses implementem una eina com a prova de concepte que deshabilita determinats serveis del sistema usats per les eines forenses per a extreure dades del dispositiu. L'eina també aplica altres mesures de seguretat per a prevenir l'explotació dels serveis que continuïn activats.Tecnologías de la información y de rede

Are HIV smartphone apps and online interventions fit for purpose?

Sexual health is an under-explored area of Human-Computer Interaction (HCI), particularly sexually transmitted infections such as HIV. Due to the stigma associated with these infections, people are often motivated to seek information online. With the rise of smartphone and web apps, there is enormous potential for technology to provide easily accessible information and resources. However, using online information raises important concerns about the trustworthiness of these resources and whether they are fit for purpose. We conducted a review of smartphone and web apps to investigate the landscape of currently available online apps and whether they meet the diverse needs of people seeking information on HIV online. Our functionality review revealed that existing technology interventions have a one-size-fits-all approach and do not support the breadth and complexity of HIV-related support needs. We argue that technology-based interventions need to signpost their offering and provide tailored support for different stages of HIV, including prevention, testing, diagnosis and management

SIM Card Forensics: Digital Evidence

With the rapid evolution of the smartphone industry, mobile device forensics has become essential in cybercrime investigation. Currently, evidence forensically-retrieved from a mobile device is in the form of call logs, contacts, and SMSs; a mobile forensic investigator should also be aware of the vast amount of user data and network information that are stored in the mobile SIM card such as ICCID, IMSI, and ADN. The aim of this study is to test various forensic tools to effectively gather critical evidence stored on the SIM card. In the first set of experiments, we compare the selected forensic tools in terms of retrieving specific data; in the second set, genuine user data from eight different SIM cards is extracted and analyzed. The experimental results on a real-life dataset support the effectiveness of the SIM card forensics approach presented in this paper. Keywords: SIM card, Digital Forensics, Forensic tools, ICCID, IMS

Smartphone malware based on synchronisation vulnerabilities

Smartphones are mobile phones that offer processing power and features like personal computers (PC) with the aim of improving user productivity as they allow users to access and manipulate data over networks and Internet, through various mobile applications. However, with such anywhere and anytime functionality, new security threats and risks of sensitive and personal data are envisaged to evolve. With the emergence of open mobile platforms that enable mobile users to install applications on their own, it opens up new avenues for propagating malware among various mobile users very quickly. In particular, they become crossover targets of PC malware through the synchronization function between smartphones and computers. Literature lacks detailed analysis of smartphones malware and synchronization vulnerabilities. This paper addresses these gaps in literature, by first identifying the similarities and differences between smartphone malware and PC malware, and then by investigating how hackers exploit synchronization vulnerabilities to launch their attacks

Chapter 16 Cloud Backup and Restore

Digital devices are prone to failure. An increasing range of cloud backup solutions aim to ensure that no matter what should happen to a user’s device, their files and data can be quickly re-downloaded and re-installed on a new device with ease. If the failure or breakdown of a digital device may once have resulted in a potentially devastating data loss event, cloud backup and recovery tools work to reduce the disruptive impact of device failure. This has implications for theories of failure that are based on the premise that breakdown or failure are disruptive events. Drawing on Apple’s cloud-based data backup and restore service, this chapter conceptualises the cloud as an infrastructure designed to anticipate and absorb digital failure. In doing so, it explores how cloud services bolster cultures of routine device upgrading and e-waste production