Synopses & Reviews
"This book is a must for anyone attempting to examine the iPhone. The level of forensic detail is excellent. If only all guides to forensics were written with this clarity!"-Andrew Sheldon, Director of Evidence Talks, computer forensics experts
With iPhone use increasing in business networks, IT and security professionals face a serious challenge: these devices store an enormous amount of information. If your staff conducts business with an iPhone, you need to know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics supplies the knowledge necessary to conduct complete and highly specialized forensic analysis of the iPhone, iPhone 3G, and iPod Touch. This book helps you:
- Determine what type of data is stored on the device
- Break v1.x and v2.x passcode-protected iPhones to gain access to the device
- Build a custom recovery toolkit for the iPhone
- Interrupt iPhone 3G's "secure wipe" process
- Conduct data recovery of a v1.x and v2.x iPhone user disk partition, and preserve and recover the entire raw user disk partition
- Recover deleted voicemail, images, email, and other personal data, using data carving techniques
- Recover geotagged metadata from camera photos
- Discover Google map lookups, typing cache, and other data stored on the live file system
- Extract contact information from the iPhone's database
- Use different recovery strategies based on case needs
And more. iPhone Forensics includes techniques used by more than 200 law enforcement agencies worldwide, and is a must-have for any corporate compliance and disaster recovery plan.
Synopsis
(From author) With the iPhone quickly becoming the world's #1 mobile device, they are increasingly used for business, and enterprises are finding a need to adequately manage sensitive data. iPhones store an enormous amount of information useful to both security professionals and malicious intruders. Any system administrator responsible for staff who conduct business with the iPhone should know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics gives IT professionals, security professionals, and forensic investigators the knowledge needed to conduct complete and highly specialized forensic analysis of an iPhone or iPod Touch. This book -- a must-have for corporate compliance and disaster recovery plans -- shows the reader how to recover and extract such information as typing caches, Google map searches, deleted images, email, and other sensitive data retained by the iPhone. The reader will learn the same advanced techniques used by law enforcement, including data carving, evidence preservation, and overriding passcode protection. The materials included in this book have been used by over 200 law enforcement agencies worldwide and are now available for private sector investigators and enlightened geeks.
About the Author
Jonathan Zdziarski is better known as the hacker "NerveGas" in the iPhone development community. His work in cracking the iPhone helped lead the effort to port the first open source applications, and his book, iPhone Open Application Development, taught developers how to write applications for the popular device long before Apple introduced its own SDK. Prior to the release of iPhone Forensics, Jonathan wrote and supported an iPhone forensics manual distributed exclusively to law enforcement. Jonathan frequently consults law enforcement agencies and assists forensic examiners in their investigations. He teaches an iPhone forensics workshop in his spare time to train forensic examiners and corporate security personnel.
Jonathan is also a full-time research scientist specializing in machine learning technology to combat online fraud and spam, an effort that led him to develop networking products capable of learning how to protect customers. He is founder of the DSPAM project, a high-profile, next-generation spam filter that was acquired in 2006 by Sensory Networks, Inc. He lectures widely on the topic of spam and is a foremost researcher in the fields of machine-learning and algorithmic theory.
Jonathan's website is zdziarski.com.
Table of Contents
Dedication; Foreword; Preface; Audience of This Book; Acknowledgments; Organization of the Material; Conventions Used in This Book; Using Code Examples; Legal Disclaimer; Safari® Books Online; We'd Like to Hear from You; Chapter 1: Introduction to Computer Forensics; 1.1 Making Your Search Legal; 1.2 Rules of Evidence; 1.3 Good Forensic Practices; 1.4 Technical Processes; Chapter 2: Understanding the iPhone; 2.1 What's Stored; 2.2 Equipment You'll Need; 2.3 Determining the Firmware Version; 2.4 Disk Layout; 2.5 Communication; 2.6 Upgrading the iPhone Firmware; 2.7 Restore Mode and Integrity of Evidence; 2.8 Cross-Contamination and Syncing; Chapter 3: Accessing the iPhone; 3.1 Installing the Recovery Toolkit (Firmware v1.0.2-1.1.4); 3.2 Circumventing Passcode Protection (Firmware v1.0.2-1.1.4); 3.3 Installing the Recovery Toolkit (Firmware v2.x); 3.4 Removing the Forensic Recovery Toolkit; Chapter 4: Forensic Recovery; 4.1 Configuring Wi-Fi and SSH; 4.2 Recovering the Media Partition; 4.3 Data Carving Using Foremost/Scalpel; 4.4 Validating Images with ImageMagick; 4.5 Strings Dump; 4.6 The Takeaway; Chapter 5: Electronic Discovery; 5.1 Converting Timestamps; 5.2 Mounting the Disk Image; 5.3 Graphical File Navigation; 5.4 Extracting Image Geotags with Exifprobe; 5.5 SQLite Databases; 5.6 Important Database Files; 5.7 Property Lists; 5.8 Other Important Files; Chapter 6: Desktop Trace; 6.1 Proving Trusted Pairing Relationships; 6.2 Serial Number Records; 6.3 Device Backups; 6.4 Activation Records; Chapter 7: Case Help; 7.1 Employee Suspected of Inappropriate Communication; 7.2 Employee Destroyed Important Data; 7.3 Seized iPhone: Whose Is It and Where Is He?; Disclosures and Source Code; Power-On Device Modifications (Disclosure); Installation Record (Disclosure); Technical Procedure; Colophon;