Abstract
Apple iPhone has made significant impact on the society both as a handheld computing device and as a cellular phone. Due to the unique hardware system as well as storage structure, iPhone has already attracted the forensic community in digital investigation of the device. Currently available commercial products and methodologies for iPhone forensics are somewhat expensive, complex and often require additional hardware for analysis. Some products are not robust and often fail to extract optimal evidence without modifying the iPhone firmware which makes the analysis questionable in legal platforms. In this paper, we present a simple and inexpensive framework (iFF) for iPhone forensic analysis. Through experimental results using real device, we have shown the effectiveness of this framework in extracting digital evidence from an iPhone.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Milanesi, C., Gupta, A., Vergne, H., Sato, A., Nguyen, T., Zimmermann, A., Cozza, R.: Garner Technology Business Research Insight. In: Dataquest Insight: Market Share for Mobile Devices, 1Q09, http://www.gartner.com/DisplayDocument?id=984612
Radio Tactics Ltd.: Aceso - Mobile forensics wrapped up. In: Radio Tactics | Mobile Phone Forensics, http://www.radio-tactics.com/products/aceso/
Cellebrite Forensics: Cellebrite Mobile Data Synchronization UFED Standard Kit. In: Cellebrite Mobile Data Synchronization, http://www.cellebrite.com/UFED-Standard-Kit.html
Paraben Corporation: Cell Phone Forensics. In: Paraben Corporation, Cell Phone Forensics Software, http://www.paraben-forensics.com/cell_models.html
Micro Systemation: XRY Physical Software. In: XRY the complete mobile forensic solution, http://www.msab.com/products/xry0/overview/page.php
Logicube: Logicube CellDEK Cell Phone Data Extraction. In: Logicube.com, hard drive duplication, copying hard drive & computer forensics, http://www.logicubeforensics.com/products/hd_duplication/celldek.asp
Lohmann, F.: Apple Says iPhone Jailbreaking is Illegal | Electronic Frontier Foundation. In: Electronice Frontier Foundation, Defending Freedom in the Digital World, http://www.eff.org/deeplinks/2009/02/apple-says-jailbreaking-illegal
Association of Chief Police Officers: Good Practice Guide for Computer based Electronic Evidence. In: Association of Chief Police Officers, http://www.dataclinic.co.uk/ACPO%20Guide%20v3.0.pdf (accessed June 2010)
Husain, M., Sridhar, R.: iForensics: Forensic Analysis of Instant Messaging on Smart Phones. In: Goel, S. (ed.) ICDF2C 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 31, pp. 9–18. Springer, Heidelberg (2010)
Paraben Corporation: Forensic Software Comparison Chart. In: Paraben Corporation, Cell Phone Forensics, http://www.paraben-forensics.com/cell-phone-forensics-comparison.html
Zdziarski, J.: iPhone Forensics. O’reilly Media, Sebastopol (2008)
Hoog, A., Gaffaney, K.: iPhone Forensics. In: viaForensics, http://viaforensics.com/wpinstall/wp-content/uploads/2009/03/iPhone-Forensics-2009.pdf
Vaughn, S.: MobileSyncBrowser | View and Recover Your iPhone Data. In: MobileSyncBrowser | View and Recover Your iPhone Data, http://homepage.mac.com/vaughn/msync/
Piacentini, M.: SQLite Database Browser. In: SQLite Database Browser, http://sqlitebrowser.sourceforge.net/
VOWSoft Ltd.: Plist Editor For Windows. In: Download iPod software for Windows, http://www.icopybot.com/plistset.exe
Gondrom, T., Brandner, R., Pordesch, U.: Electronic Record Syntex. Request For Comments 4998, Open Text Corporation (2007)
Brezinski, D., Killalea, T.: Guidelines for Evidence Collection and Archiving. Request For Comments 3227, In-Q-Tel (2002)
Apple Inc.: About the security content of the IPhone 1.1.1 Update, http://support.apple.com/kb/HT1571
Apple Inc.: About the security content of IPhone v1.1.3 and iPod touch v1.1.3, http://support.apple.com/kb/HT1312
Apple Inc.: About the security content of IPhone v2.1, http://support.apple.com/kb/HT3129
Apple Inc.: About the security content of IPhone OS 3.0 Software Update, http://support.apple.com/kb/HT3639
Apple Inc.: About the security content of IPhone OS 3.1 and IPhone OS 3.1.1 for iPod touch, http://support.apple.com/kb/HT3860
Apple Inc.: Apple iPhone. In: Apple-iPhone-Mobile Phone, iPod, and Internet Device, http://www.apple.com/iphone/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Husain, M.I., Baggili, I., Sridhar, R. (2011). A Simple Cost-Effective Framework for iPhone Forensic Analysis. In: Baggili, I. (eds) Digital Forensics and Cyber Crime. ICDF2C 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19513-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-19513-6_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19512-9
Online ISBN: 978-3-642-19513-6
eBook Packages: Computer ScienceComputer Science (R0)