Micro Web Servers
Forensics
Copyright 2011 Technoids.com
iDevice Forensic Information
• iOS Kernel Explotation 2011 PDF
• iOS Keychain Services
• iTunes Backup iOS 5 Database Forensics
• iPhone Forensics, sans iPhone PDF
• iPhone Data Protection in Depth PDF
• iPhone Data Extraction PDF
• iPhone Passcode Bypass PDF
• iPhone Privacy 1 of 2 Black Hat PDF
• iPhone Privacy 2 of 2 PDF
• Logical analysis using Apple iTunes Backup Utility PDF
• Book - Mac OS X, iPod, and iPhone Forensic Analysis
• Jonathan Zdziarski iPhone forensics Blog
• iOS Forensic Research
• Processing iPhone / iPod Touch Backup Files on a Computer
• Anthony Vance Blog
• iPhone Forensics Andrew Hoog 2009 PDF
• iPhone Forensics White Paper
• ZeroTracks deletes your iDevice Geo location data and blocks
your data from being sent to Apple and their partners.
• Quick iPad Forensics on consolidated.db and Associated Files
• EFF reverse engineers Carrier IQ
• Carrier IQ removal and forensics
• iDevice Password Info
• Text Messages Remain on iPhone Long After “Deletion”
• Advanced Passsword Cracking Insight Blog
• Sogeti/ESEC Open-source forensics tools
• The iPhone Wiki Information on the internals of the iPhone
• Recover data from an iPhone
Commercial Forensics Software/Hardware
Tableau TACC1441 Hardware Accelerator
A proven solution for accelerating brute force password
SIMcon Forensics
Recover deleted data from Apple iPhones
BrickHouse Security
Cell Phone Spy Reads Deleted Texts
Paraben software and hardware mobile forenics
A leader in handheld digital forensics since early 2002
Cellebrite Universal Forensics Extraction Device (UFED)
Designed specifically for forensic investigators, Cellebrite’s portable UFED solutions enable
recovery of invaluable evidential data from thousands of mobile devices
EnCase Forensic Software
Integrated Smartphone and Tablet support
Logicube CellDek mobile hardware/software
The CellDEK software automatically performs forensic extraction
Access Data MPE+ mobile forenics software
Supports 3500+ phones including iPhone iPad Android & Backberry devices
Lantern 2 is a cost effective iOS forensic solution
Apple smartphone/ tablet forensic software
Elcomsoft iOS Forensic Toolkit
Enhanced Forensic Access to iPhone/iPad/iPod Devices running Apple iOS
Elcomsoft Phone Password Breaker
Recover Password-Protected BlackBerry and Apple Backups
Oxygen Forensic Suite mobile forensic software
Strong support for Symbian OS, Apple iPhone, Android, Windows Mobile and RIM BlackBerry devices
iXAM iXAMiner - advanced imaging iPhone forensics tool
BlackLight by BlackBag Comprehensive forensic software
Tool to help investigators conduct digital forensic investigations on Mac OS X computers, iPhones and iPads
XRY Micro Systemation Windows software
To preform a secure forensic extraction of data from a wide variety of mobile devices. Support for 5,971 device profiles
Secure View 3 Software Kit
The “Go To” tool for the cell phone forensic investigator, whether from the law enforcement, consultant, corporate, or the military
Mac Forensics Lab MacLockPick
Cross platform forensic field triage with Apple iPhone plugin
Access your messages, call history,notes, contacts, calendars, photosand more from your desktop
Tipard Mac iPhone SMS Transfer
Transfer and or Bcakup iPhone SMS/MMS/Contacts to Mac
Backup Extractor for iPhone: extract and restore files from an iPhone backup on Windows, Linux and OS X
Universal PC Studio with thousands of phones supported
tool that helps you browse, view, export and even EDIT files backed up to iTunes
Browsing iPhone Apps contents and transferring files to or from an iOS device
Free and Open Source Forensics Software
SpyPhone (open source)
It shows the kind of data a rogue application can collect in a non jailbroken iPhone
SSH ramdisk recovery
iRovery libusb-based CLI utility for Mac OS X, Linux, and Windows
iPhone/iPod Touch Backup Extrator (freeware)
Converts the iPhone / iPod Touch backups that are created by iTunes into readily usable Mac OS X files
iPhone Backup Extractor (freeware)
Recover lost iPhone contacts, calendar events, photos, SMS messages, notes, location data and more
iPhoneAnalyser (Does not support IOS 4&5) (freeware)
Explore the internal file structure using either the iphone's own backup files or ssh
Macroplant iExplorer (freeware)
Browse the files and folders on your iPhone as if it were a normal USB flash drive
iPBA iPhone Backup Analyzer (open source)
Utility designed to allow the user to simply browse through the contents of the backup folder of any other iOS device
Visualization of iDevice location data (freeware)
iPhone Backup Browser (open source)
i-FunBox (freeware)
iPhone iPad File Manager
libimobiledevice Linux (open source)
Software library that talks the protocols to support iDevices
USBview (freeware)
Shows iDevice serial number (UUID)
USBdeview (freeware)
Shows iDevice serial number (UUID) More info then USBview
What is Forensics ?
Forensics definition: "The use of science and technology to investigate and establish facts in criminal or civil courts of law"
All electronic devices contain forensic information which is hidden from the consumer. There is always a trade off between privacy and forensic data recovery. Unfortunately the consumer is usually oblivious to the amount of forensic data that can be retrieved from any device. The big problem is criminals and unscrupulous corporations also have access to this information as well. This is nothing new. Electronic data has be captured, recorded and analyzed on a global scale for more than 50 years.
BuggedPlanet's list of tactical and strategical measures used to intercept communications and the vendors and operators of this technology
Got a smart phone and a computer ? With all the new tracking methods your physical location can be tracked to within a few feet at all times
SSH Passwords
Most people who jailbreak change the default root password but forget to change the mobile password. Logging in as mobile password alpine still allows access to personal information
Privacy Issues on iOS 5.X iDevices
Your iPhone was stolen and you remote wiped it but your iMessages may still be going to the wrong place
Wi-Fi Tracking
contains detailed info on all the wireless routers you logged into and gets backed up by iTunes
Key Database Files Forensics in iTunes Backup
Passcode Bypass
Gain access to any password-protected iPad2 (anything that
was on the screen before it was locked, including email, messages, and settings)
Give voice commands to iPhone 4S even with passcode enabled
Reading iDevice eBooks fom iTunes Sync using Firefox
iTunes synced eBooks are in the folder
%userprofile%\Music\iTunes\iTunes Media\Books
Install the Firefox add-on EPUBReader
Firefox File > Open File > path to ebook.epub
iTunes About authorization and deauthorization
Security Bug In iOS 5.0.1
Allows anyone to access Address Book even with a Passcode
How Does Apple Know You Have Jailbroken Your iDevice ?
Contents of /private/var/logs/AppleSupport/general.log
Device Software Diagnostic Log
Version: 3
OS-Version: iPhone OS 5.0.1 (9A405)
Model: iPad1,1
Serial Number: GXXXXXXXXXV
Created: 12/28/2011 20:03:56 -0800
2011-12-28 23:28:42 -0500,115,2DFBCA53-2718-4955-BC35-9E39599D950C,0
2011-12-28 23:37:52 -0500,109,0B8B3A39-3ED4-4D89-AB7A-1827E5A4AC5E,0,MobileCydia,KERN_INVALID_ADDRESS at 0xf0000008
Device Software Diagnostic Log
Version: 3
OS-Version: iPhone OS 5.0.1 (9A405)
Model: iPad1,1
Serial Number: GXXXXXXXXXV
Created: 2011-12-29 23:57:12 -0500
Jailbreak HINT
Delete general.log then
power off and on BEFORE enabling WiFi or 3G and this is what Apple sees
Disable Carrier IQ as well
/private/var/db/launchd.db/com.apple.launchd/overrides.plist contains a list of all the plists that you disabled
Although jailbreaking is legal, Apple can use all the above information (aquired without your knowledge) to void your warranty
