Ios forensics

iOS Forensics

Presented By:

Riddhi Ghevariaya(141060753015)

Kamal Patel(141060753011)

Khushbu Patel(141060753012)

Komal Patel(141060753013)

IEEE Seminar on Advanced Programming on Mobile Devices – I ( 3725304 )

At: GTU PG SCHOOL,GANDHINAGAR

Contents

• Introduction

• Procedure of case study

• Example

• Objective

• Conclusion and Future work

• References

Introduction

Forensic

The process of gathering evidence of sometype of incident or crime that may involvesmobile devices(i.e., The concept of forensics is fordigital evidence).

Procedure of Case study

• Step 1:Preparation

I. Inspect the iphone

II. Record all the work

III. Undertake research

• Step 2: Forensic copy

I. Create a physical forensic copy

II. Hashing it using a cryptography.

Steps of Case study

• Step 3: Forensic Analysis

I. Analysis the system

II. Analysis the catalog file to check existing image file

III. Analysis the journal file or deleted image file

IV. Compare both files

V. Search and recover the deleted file

VI. Locate the cryptography

VII. Decrypt the image file and verify its timestamp

Steps of Case study

• Step 4:Reporting

The challenge of presenting digitalevidence in court of low (i.e., Finding areexplained in a manner that is understanding toinvestigator, judiciary and other decision makers.

e.g., Recovering a deleted image.

What to do with Forensic copy?

Forensiccopy OK?

# RepairOK?

Decrypt thedeleted imagefile is OK?

Recovery ofdeletedimage file

Abort work.Proceed toStep 4 forreporting.

Step 3

Step 4

Objective

• To provide an evidence that can be useful inCourt of Low.

Conclusion and Future work

• We are able to recover deleted images fileswith timestamp in a forensically soundmanner. Future research opportunities includeundertaking the process outlined in thisresearch for newer iOS devices.

References

• Morrissey, S. & Campbell, T. (2010), IOS forensic analysis for iPhone, iPad,and iPod Touch. Après, New York.

• Aswami Ariffin, Christian D’Orazio, Kim-Kwang Raymond Choo, Jill Slay “iOSForensics: How can we recover deleted image files with timestamp in aforensically sound manner?” at IEEE International Conference onAvailability, Reliability and Security 2013 .

Any Question?

Ios forensics

Engineering

iOS FORENSICS: WHERE ARE WE NOW AND WHAT ARE WE … · lock-screens.html ¡ Latest available for iOS 9.3.1 ¡ CVE-2016-1852 ¡ “Siri in Apple iOS before 9.3.2 does not block data

iOS Forensics: where are we now and what are we missing? · PDF fileSANS FOR 585 -Advanced Smartphone Forensics . 60

Forensics · Disk Forensics Mobile Forensics E-mail investigations Questioned document Cryptography, examination Steganography Live Forensics and Network Forensics Audio/video authentication

Digital Evidence and Computer Forensics Oct 7-8 2013/Tab 02 Oct 7-8... · Digital Evidence and Computer Forensics COMPUTER FORENSICS FORENSICS FORENSICS

Developments in IOS Forensics 2.0.10 export...Heap Reconstruction IOS uses one large heap The IOS heap contains plenty of meta-data for debugging purposes 40 bytes overhead per heap

Mac OS X and iOS Forensics...mac os x and ios forensics looking into the past with fsevents sans dfirsummit 2017 nicole ibrahim g-c partners, llc

Developments in IOS Forensics 1.3 export - Black Hat · Cisco IOS Forensics ... Cisco IOS Cisco ... TCL scripting is available on later Cisco IOS versions TCL scripts listening on

Powerpoint Templates Page 1 Powerpoint Templates iOS Security and Forensics

iOS Forensics: Overcoming iPhone Data Protection

Enhancing Mobile Forensics on iOS by Jeremy Whitaker A ... · Computer Forensics is a discipline that involves obtaining and analyzing computer data for judicial purposes. Typically

iOS Forensics

Learning iOS Forensics - Sample Chapter

RecurityLabs Developments in IOS Forensics

iOS FORENSICS: WHERE ARE WE NOW AND WHAT … · iOS FORENSICS: WHERE ARE WE NOW AND WHAT ARE WE MISSING? MATTIA EPIFANI – PASQUALE STIRPARO SANS EU DIGITAL FORENSICS SUMMIT 2016

Leveraging Memory Forensics to Decrypt iOS Backups...Problem Overview The amount of iOS devices globally has been increasing. Mobile forensics often has limitations in obtaining evidence

iOS Forensics with Open-Source Tools - Black Hat · PDF fileiOS Forensics with Open-Source Tools Andrey Belenko. AGENDA ... 2014.11 BHSP.key Created Date: 11/26/2014 6:39:47 PM

Developments in IOS Forensics 1.3 export - DEF CON · IOS-XR Commercial QNX microkernel Real processes (memory protection?) Concurrent scheduling Significantly higher hardware requirements

Windows 8 Forensics & Anti Forensics

Mac OS X and iOS Forensics - PUT.AS€¦ · Mac OS X and iOS Forensics LOOKING INTO THE PAST WITH FSEVENTS SANS DFIRSUMMIT 2017 NICOLE IBRAHIM G-C PARTNERS, LLC. Who am I? •Digital

Practical Firmware Reversing and Exploit Development for ... · •Opensource reverse engineering framework (RE, debugger, forensics) •Crossplatform (Linux,Mac,Windows,QNX,Android,iOS,