Difference between pages "Apple iPhone" and "Aimage"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
m
 
Line 1: Line 1:
The '''iPhone''' is a smartphone made by [[Apple Inc.]] and sold with service through AT&T. It can be used to send/receive [[email]] (see [[IPhone Mail Header Format]]), keep schedules, surf the web, and view videos from YouTube. A large number of forensic products can process iPhones, see Tools section.
+
{{Infobox_Software |
 +
  name = aimage |
 +
  maintainer = [[Simson Garfinkel]], [[Basis Technology]] |
 +
  os = {{Linux}} |
 +
  genre = {{Disk imaging}} |
 +
  license = {{Original BSD license}} |
 +
}}
  
In December 2009, Nicolas Seriot presented ([http://seriot.ch/resources/talks_papers/iPhonePrivacy.pdf PDF]) a harvesting application, [http://github.com/nst/spyphone SpyPhone].  This application grabs data as sensitive as location data and a cache of keyboard words.  It neither requires jailbreaking nor makes Private API calls (which Apple's App Store does not allow in any application it distributes).
+
'''aimage''' (the '''advanced imager''') was an [[imaging]] tool that was part of [[AFF]].
  
== Tools ==
+
'''aimage''' can create files in raw, AFF, AFD, or AFM formats. AFF and AFD formats can be compressed or uncompressed. [[aimage]] can optionally compress and calculate [[MD5]] or [[SHA-1]] hash residues while the data is being copied. It had intelligent error recovery, similar to what is in [[ddrescue]].
* [Cellebrite UFED http://www.cellebrite.com/forensic-solutions/ios-forensics.html]
+
* [http://code.google.com/p/iphone-dataprotection/ iphone Data Protection] is a set of tools that can image and decrypt an iPhone. The tools can even brute-force the iPhone's 4-digit numerical password.
+
* [http://www.iosresearch.org Jonathan Zdziarski] has released tools that will image iPhones, iPads and iPod Touch. (law enforcement only).
+
* [http://www.libimobiledevice.org/ libimobiledevice] is a library with utilities for backing up iPhones. The output format is an iTunes-style backup that can be examined with traditional tools.  They are available in the Debian-testing packages '''libimobiledevice''' and '''libimobiledevice-utils'''.
+
* [[Nuix Desktop]] and [[Proof Finder]] can detect and analyse many databases from iOS and iPhones and can directly ingest HFSX dd images.
+
* [[Oxygen Forensic Suite 2010]]
+
  
== Publications ==
 
* Gómez-Miralles, Arnedo-Moreno. [http://openaccess.uoc.edu/webapps/o2/bitstream/10609/11862/1/iPadForensics.pdf Versatile iPad forensic acquisition using the Apple Camera Connection Kit.] Computers And Mathematics With Applications, Volume 63, Issue 2, 2012, pp.544-553.
 
  
== External Links ==
+
'''aimage'' was withdrawn from support (December 25, 2010)
* [http://www.apple.com/iphone/ Official web site]
+
 
* [http://en.wikipedia.org/wiki/IPhone Wikipedia: iPhone]
+
Linux distributions that packaged '''image''' are encouraged to drop it and package guymager instead.
* [http://en.wikipedia.org/wiki/IOS_jailbreaking Wikipedia: IOS jailbraking]
+
 
* [http://github.com/nst/spyphone SpyPhone].  Noted on [http://it.slashdot.org/story/09/12/04/0413235/Malware-Could-Grab-Data-From-Stock-iPhones?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29 Slashdot].
+
===See Also===
* [https://viaforensics.com/resources/white-papers/iphone-forensics/ iPhone Forensics], by [[Andrew Hoog]], [[Katie Strzempka]], in November 2012. Covers 13x iOS forensic tools and provides detailed information on the results for the iPhone 3G.
+
* [[How_to_image_an_IDE_disk_with_aimage_and_FreeBSD]]

Latest revision as of 20:26, 21 October 2013

aimage
Maintainer: Simson Garfinkel, Basis Technology
OS: Linux
Genre: Disk imaging
License: Original BSD license
Website: {{{website}}}

aimage (the advanced imager) was an imaging tool that was part of AFF.

aimage can create files in raw, AFF, AFD, or AFM formats. AFF and AFD formats can be compressed or uncompressed. aimage can optionally compress and calculate MD5 or SHA-1 hash residues while the data is being copied. It had intelligent error recovery, similar to what is in ddrescue.


'aimage was withdrawn from support (December 25, 2010)

Linux distributions that packaged image are encouraged to drop it and package guymager instead.

See Also