Apple iPhone
From Forensics Wiki
The iPhone is a smartphone made by Apple Inc. and sold with service through AT&T. It can be used to send/receive email (see IPhone Mail Header Format), keep schedules, surf the web, and view videos from YouTube. A large number of forensic products can process iPhones, such as Oxygen Forensic Suite 2010.
In December 2009, Nicolas Seriot presented (PDF) a harvesting application, SpyPhone. This application grabs data as sensitive as location data and a cache of keyboard words. It neither requires jailbreaking nor makes Private API calls (which Apple's App Store does not allow in any application it distributes).
Tools
- iphone Data Protection is a set of tools that can image and decrypt an iPhone. The tools can even brute-force the iPhone's 4-digit numerical password.
- Jonathan Zdziarski has released tools that will image iPhones, iPads and iPod Touch (law enforcement only).
- libimobiledevice is a library with utilities for backing up iPhones. The output format is an iTunes-style backup that can be examined with traditional tools. The library and utilities are available in the Debian-testing packages libimobiledevice and libimobiledevice-utils.
Publications
- Gómez-Miralles, Arnedo-Moreno. Versatile iPad forensic acquisition using the Apple Camera Connection Kit. Computers And Mathematics With Applications, Volume 63, Issue 2, 2012, pp. 544-553.
External Links
- Official web site
- SpyPhone. Noted on Slashdot.
- iPhone Forensics White Paper was originally published in 2009 and updated in November 2010. It reviews 13 iOS forensic tools and provides detailed information on the results.