ST2602 Computer Forensics
Mobile Forensics on iPad/iPhone/iTouch
Candice Teo Rui Fen P1030213 (3B22)
Goh Xue Yu P1069341 (3B21)
iPhone disk partitions
Real World Applications
Reflections and Task Allocation
Mobile forensics is a new science, which means that the items we are used to retrieving from computers are not available on mobile devices; deleted files are one such example. Because mobile phone models change constantly, this is deemed to be a great challenge. There is a need to be able to perform forensic investigations on mobile phones, since the majority of people rely on mobile phones, particularly the iPhone. The iPad and iTouch are also popular products developed by Apple.

The iPhone was first released to the market in June 2007. Its main purpose was to let consumers and the public check their emails, take photographs, browse the internet and use many more functions on the go, which saves them the trouble of switching on a laptop or PC just to check and reply to messages. Beyond these functions, there are also applications that support organizational workflow and provide entertainment. As the iPhone is widely used today, more and more applications are being developed to help people do their jobs on the go. These applications serve not only organizations but also students and even the elderly. With such a large number of iPhone users, many consumers treat it as a mini computer wherever they go. With so many people using this smartphone, most of their data will be stored on this small device.

In iPhone forensics, there are many aspects to look at in terms of hardware and software. We explain these aspects further below.

iPhone Specification
Comparing the four iPhone models, all of them except the first-generation iPhone have integrated GPS, which can track the location of the iPhone. This helps in tracing the previous locations where the iPhone has been; this information can be viewed at the micro read level, which will be covered later on. The table below shows the basic applications built into the iPhone. These applications might be of some help in a mobile forensic investigation.

Application| How information helps|
Map| Previous locations the user has gone to|
Call| Provides call logs between the user and others|
Photos| Provides the latitude and longitude where the picture was taken (if location services are enabled)|
Mail| Emails received/sent/drafts|
Messages| Conversations between the user and others|
Calendar| Provides dates the user deemed important (marked dates)|

With the information from these built-in applications, we can at least gather some evidence and document the results for further analysis before we recover deleted files such as deleted emails.
When we talk about iPhone leveling, we will use tools to do the different classifications. The tool, developed by Sam Brothers in 2007, allows the examiner to assign the iPhone to a category depending on the depth of examination being performed. The main purpose of this tool is to allow easier comparison between tools and to provide a standard for examiners. It also lets examiners know what they are doing with the iPhone.
It can be seen...