Gadgets Manual

RSS Feed

Free Ebooks Download

iPhone Forensics Manual

November 30th, 2012 · No Comments

iPhone Forensics Manual - CryptocombiPhone/iPod Touch Forensics Manual Zdziarski, J Page 1 of 44 iPhone/iPod Touch Forensics Manual Jonathan A. Zdziarski 32 West Dr., Bedford NH 0310 jonathan@zdziarski.com Copyright © 208 by Jonathan Zdziarski, Al Rights Reserved Document Rev. 13; June 2, 208 Device Firmware 1.0.2 – 1.1.4 ACKNOWLEDGEMENTS Many thanks to Forensic Agent David C. Graham for his validation work and Windows platform testing/troubleshoting, to Yousef Francis and Pepjin Oomen for acomodating my change requests to adapt iLiberty+ for forensic purposes, to Arnaldo Viegas de Lima for Windows platform troubleshoting and suport, and to the iPhone Dev Team for ongoing research in legal, ethical techniques for acesing the iPhone/iPod touch platforms. REDISTRIBUTION AND CONFIDENTIALITY The contents of this document are confidential information and

intended only for authorized public law enforcement personel. Permision is hereby granted to redistribute this document in its original form TO PUBLIC LAW ENFORCEMENT PERSONEL ONLY. Al other redistribution is strictly prohibited without writen consent. If you are not authorized to view this document, you are hereby instructed to destroy its electronic contents and destroy or transfer any physical materials to authorized personel. UPDATES Periodic updates of this document are provided fre of charge to public law enforcement personel. To subscribe to receive future updates, send an email to the author from a verifiable public law enforcement acount. DISCLAIMER THE CONTENTS PROVIDED IN THIS MANUAL ARE INTENDED FOR LAWFUL PURPOSES ONLY. THE AUTHOR DISCLAIMS AL RESPONSIBILITY FOR ANY DAMAGES CAUSED BY USE OR MISUSE OF THE INSTRUCTIONS IN THIS MANUAL, INCLUDING BUT NOT LIMITED TO PHYSICAL DAMAGE, LOS OF DATA, LOS OF EVIDENCE, LIABILITY INCURED, VOIDED WARANTY, OR ANY OTHER DAMAGES. THE AUTHOR MAKES NO GUARANTES OF FITNES OR MERCHANTABILITY FOR A PARTICULAR PURPOSE. iPhone/iPod Touch Forensics Manual Zdziarski, J Page 2 of 44 Table of Contents IPHONE/IPOD TOUCH FORENSICS MANUAL 1 TABLE OF CONTENTS 2 INTRODUCTION 4 What You’l Ned 5 Contacting Me 5 ABOUT THE IPHONE 6 Determining the Firmware Version 6 Disk Layout 6 Comunication 7 Power­On Device Modifications (Disclosure) 8 Upgrading the iPhone Firmware 9 Restore Mode and Integrity of Evidence 9 Cros­Contamination of Evidence and Syncing 10 ACCESSING THE DEVICE 11 Instaling the Forensic Tolkit 11 Step 1: Download and Instal iLiberty+ 11 Step 2: Dock the iPhone and Launch iTunes 12 Step 3: Launch iLiberty+ and Ensure Conectivity 12 Step 4: Configure for Forensic‐Tolkit Payload 13 Step 5: Execute the Payload 15 Configuring WiFi and SH 16 Ad‐Hoc Networks 16 Configuring Wireles (Device) 17 SH into the iPhone 17 Instalation Record (Disclosure) 17 Circumventing Pascode Protection 19 iPhone/iPod Touch Forensics Manual Zdziarski, J Page 3 of 44 Step 1: Download the Pascode Bypas RAM disk 20 Step 2: Use iPHUC to Enter Recovery Mode 20 Step 3. Upload and Bot the Pascode Bypas RAM Disk 20 PERFORMING FORENSIC RECOVERY 22 Recovering the Media Partition 22 Mounting Read‐Only 22 Unencrypted Recovery of the Media Partition 22 Encrypted Recovery of the Media Partition 23 File Recovery Using Foremost /Scalpel 25 Configuring Foremost for iPhone Recovery 25 Scaning With Foremost/Scalpel 27 Finding Valid Images with ImageMagick 27 Graphical File Analysis 28 Images of Interest 29 ELECTRONIC DISCOVERY…

Website: cryptocomb.org | Filesize: 991kb
No of Page(s): 44
Source to download iPhone Forensics Manual – Cryptocomb

Related Manual


Related Tags: