Abstract
Despite the fact that every iOS release introduces new security restrictions that must be overcome in order to recover data from iPhones, the locations where the data of interest resides are generally consistent. This paper analyzes the iOS filesystem and identifies files and directories that contain data that can aid investigations of traditional crimes involving iPhones as well as hacking and cracking attacks launched from iPhones. Additionally, best practices for minimizing the false positive rate during data carving are identified. These findings are implemented in an open source forensic investigation toolkit that operates in a forensically-sound manner.
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Cheema, A.R., Iqbal, M.M.W., Ali, W. (2014). An Open Source Toolkit for iOS Filesystem Forensics. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics X. DigitalForensics 2014. IFIP Advances in Information and Communication Technology, vol 433. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44952-3_15
DOI: https://doi.org/10.1007/978-3-662-44952-3_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44951-6
Online ISBN: 978-3-662-44952-3
eBook Packages: Computer Science, Computer Science (R0)