iPod and iPhone
UPDATE (08/02/08): The App Store is open, the iPhone
3G is out, and firmware version 2.x is now available for both
the iPhone and the iPod Touch. Aside from looking into the
simple functionality of applications, one of keen interest to
me is the “tethering” application from Nullriver called
Netshare. The application itself has been elusive so far,
sometimes available, sometimes not in the App Store.
Regardless, this shows the power of the iPhone itself. It
becomes a mobile wireless router for a laptop computer (or
any other computer). This technology is of course available
from other devices, but now, we must be aware of it on the
iPhone too! Jailbreaking the iPhone 2.x firmware seems to be
possible, although I have not done this myself. Along with
the 2.x firmware comes the new secure method of clearing the
iPhone as well.
UPDATE: Apple is now opening the iPhone and iPod
Touch for application development. Developers have the SDK
(Software Development Kit) in their hands now and the target date
is June for releasing finalized applications for these
devices. Look for applications that are very similar in
function and evidentiary in value to show up on these
devices.
New to us is the development happening on the iPod and
iPhone. This web page cannot begin to describe what is taught
in a cell phone forensic class or specifically an iPhone
class such as the Macintosh Forensic Survival Course. What
we can do here is mention a few known specifics.
First, the iPod Touch and the iPhone are now running Safari!
They also both have Apple Mail, iCal, Contacts, Google Maps,
and you guessed it, forensic data that wasn't in previous
iPods. What is different is that neither of these offers the
"Enable Disk Mode" of the previous iPods. At least not yet.
There are hacks that allow for a "Jailbreak" and subsequent
use of the iPhone in ways that Apple did not intend. If a
user has done this, an entire “computer” is available to the
user because the iPhone is running a slimmed-down Leopard.
You may find remnants of installed applications that aren't
normally found on the device.
Cell phone forensics do not apply to an iPhone as they used
to with other cell phones. The iPhone is an extremely capable
device. It becomes difficult for us when the documentation
ends at the intended functions of the device, yet the
functions seemingly go on forever because the end user was an
intelligent hacker with the right "Jailbreak" applied. When
you investigate and examine the iPhone, or iPod Touch, you
could be the first to investigate the exact application that
was installed!
All other models of the iPod still support "Enable Disk Mode"
which means it is straightforward for the user to store
files on the iPod and carry them away.