11
iOS Forensics Presented By: Riddhi Ghevariaya(141060753015) Kamal Patel(141060753011) Khushbu Patel(141060753012) Komal Patel(141060753013) IEEE Seminar on Advanced Programming on Mobile Devices – I ( 3725304 ) At: GTU PG SCHOOL,GANDHINAGAR

Ios forensics

Embed Size (px)

Citation preview

Page 1: Ios forensics

iOS Forensics

Presented By:

Riddhi Ghevariaya(141060753015)

Kamal Patel(141060753011)

Khushbu Patel(141060753012)

Komal Patel(141060753013)

IEEE Seminar on Advanced Programming on Mobile Devices – I ( 3725304 )

At: GTU PG SCHOOL,GANDHINAGAR

Page 2: Ios forensics

Contents

• Introduction

• Procedure of case study

• Example

• Objective

• Conclusion and Future work

• References

Page 3: Ios forensics

Introduction

Forensic

The process of gathering evidence of sometype of incident or crime that may involvesmobile devices(i.e., The concept of forensics is fordigital evidence).

Page 4: Ios forensics

Procedure of Case study

• Step 1:Preparation

I. Inspect the iphone

II. Record all the work

III. Undertake research

• Step 2: Forensic copy

I. Create a physical forensic copy

II. Hashing it using a cryptography.

Page 5: Ios forensics

Steps of Case study

• Step 3: Forensic Analysis

I. Analysis the system

II. Analysis the catalog file to check existing image file

III. Analysis the journal file or deleted image file

IV. Compare both files

V. Search and recover the deleted file

VI. Locate the cryptography

VII. Decrypt the image file and verify its timestamp

Page 6: Ios forensics

Steps of Case study

• Step 4:Reporting

The challenge of presenting digitalevidence in court of low (i.e., Finding areexplained in a manner that is understanding toinvestigator, judiciary and other decision makers.

e.g., Recovering a deleted image.

Page 7: Ios forensics

What to do with Forensic copy?

Forensiccopy OK?

# RepairOK?

Decrypt thedeleted imagefile is OK?

Recovery ofdeletedimage file

Abort work.Proceed toStep 4 forreporting.

Step 3

Step 4

YES

NO NO

YESNO

NO

YES

Page 8: Ios forensics

Objective

• To provide an evidence that can be useful inCourt of Low.

Page 9: Ios forensics

Conclusion and Future work

• We are able to recover deleted images fileswith timestamp in a forensically soundmanner. Future research opportunities includeundertaking the process outlined in thisresearch for newer iOS devices.

Page 10: Ios forensics

References

• Morrissey, S. & Campbell, T. (2010), IOS forensic analysis for iPhone, iPad,and iPod Touch. Après, New York.

• Aswami Ariffin, Christian D’Orazio, Kim-Kwang Raymond Choo, Jill Slay “iOSForensics: How can we recover deleted image files with timestamp in aforensically sound manner?” at IEEE International Conference onAvailability, Reliability and Security 2013 .

Page 11: Ios forensics

Any Question?


iOS Forensics: Overcoming iPhone Data Protection

iOS Forensics: Overcoming iPhone Data Protection

Technology
Practical Firmware Reversing and Exploit Development for ... · •Opensource reverse engineering framework (RE, debugger, forensics) •Crossplatform (Linux,Mac,Windows,QNX,Android,iOS,

Practical Firmware Reversing and Exploit Development for ... · •Opensource reverse engineering framework (RE, debugger, forensics) •Crossplatform (Linux,Mac,Windows,QNX,Android,iOS,

Documents
Mac OS X and iOS Forensics - PUT.AS€¦ · Mac OS X and iOS Forensics LOOKING INTO THE PAST WITH FSEVENTS SANS DFIRSUMMIT 2017 NICOLE IBRAHIM G-C PARTNERS, LLC. Who am I? •Digital

Mac OS X and iOS Forensics - PUT.AS€¦ · Mac OS X and iOS Forensics LOOKING INTO THE PAST WITH FSEVENTS SANS DFIRSUMMIT 2017 NICOLE IBRAHIM G-C PARTNERS, LLC. Who am I? •Digital

Documents
Evolution of iOS Data Protection and iPhone Forensics: from iPhone OS ... · Evolution of iOS Data Protection and iPhone Forensics: from iPhone OS to iOS 5 Andrey Belenko & Dmitry

Evolution of iOS Data Protection and iPhone Forensics: from iPhone OS ... · Evolution of iOS Data Protection and iPhone Forensics: from iPhone OS to iOS 5 Andrey Belenko & Dmitry

Documents
iOS Forensics with Open-Source Tools - Black Hat · PDF fileiOS Forensics with Open-Source Tools Andrey Belenko. AGENDA ... 2014.11 BHSP.key Created Date: 11/26/2014 6:39:47 PM

iOS Forensics with Open-Source Tools - Black Hat · PDF fileiOS Forensics with Open-Source Tools Andrey Belenko. AGENDA ... 2014.11 BHSP.key Created Date: 11/26/2014 6:39:47 PM

Documents
iPhone Forensics Methodology and Tools · Forensics methodologies, iPhone forensics, forensics tools, digital forensics evidence handling, INTRODUCTION iPhone mobile phone is becoming

iPhone Forensics Methodology and Tools · Forensics methodologies, iPhone forensics, forensics tools, digital forensics evidence handling, INTRODUCTION iPhone mobile phone is becoming

Documents
Enhancing Mobile Forensics on iOS by Jeremy Whitaker A ... · Computer Forensics is a discipline that involves obtaining and analyzing computer data for judicial purposes. Typically

Enhancing Mobile Forensics on iOS by Jeremy Whitaker A ... · Computer Forensics is a discipline that involves obtaining and analyzing computer data for judicial purposes. Typically

Documents
iOS Forensics

iOS Forensics

Technology
Digital Evidence and Computer Forensics Oct 7-8 2013/Tab 02 Oct 7-8... · Digital Evidence and Computer Forensics COMPUTER FORENSICS FORENSICS FORENSICS

Digital Evidence and Computer Forensics Oct 7-8 2013/Tab 02 Oct 7-8... · Digital Evidence and Computer Forensics COMPUTER FORENSICS FORENSICS FORENSICS

Documents
Leveraging Memory Forensics to Decrypt iOS Backups...Problem Overview The amount of iOS devices globally has been increasing. Mobile forensics often has limitations in obtaining evidence

Leveraging Memory Forensics to Decrypt iOS Backups...Problem Overview The amount of iOS devices globally has been increasing. Mobile forensics often has limitations in obtaining evidence

Documents
BH US 11 Belenko iOS Forensics Slides

BH US 11 Belenko iOS Forensics Slides

Documents
Memory Forensics - publish.illinois.edupublish.illinois.edu/.../files/2014/03/acc-forensics.pdfWhat is Computer Forensics? Mobile Device Forensics Network Forensics Memory & Data Forensics

Memory Forensics - publish.illinois.edupublish.illinois.edu/.../files/2014/03/acc-forensics.pdfWhat is Computer Forensics? Mobile Device Forensics Network Forensics Memory & Data Forensics

Documents
Open Source Tools for Mobile Forensics · PDF fileOPEN SOURCE TOOLS FOR MOBILE FORENSICS ... By now supports iOS and Android ... WhatsApp Database Encryption Project

Open Source Tools for Mobile Forensics · PDF fileOPEN SOURCE TOOLS FOR MOBILE FORENSICS ... By now supports iOS and Android ... WhatsApp Database Encryption Project

Documents
Evolution of iOS Data Protection and iPhone Forensics: from iPhone OS to iOS 5media.blackhat.com/bh-ad-11/Belenko/bh-ad-11-Belenko-iOS... · 2012-04-07 · iOS: Why Even Bother? •

Evolution of iOS Data Protection and iPhone Forensics: from iPhone OS to iOS 5media.blackhat.com/bh-ad-11/Belenko/bh-ad-11-Belenko-iOS... · 2012-04-07 · iOS: Why Even Bother? •

Documents
IOS Application Security Part 10 – IOS Filesystem and Forensics

IOS Application Security Part 10 – IOS Filesystem and Forensics

Documents
iOS Forensics: where are we now and what are we missing? · 2017. 10. 5. · iOS Forensics Tools Forensic Tools Cellebrite Physical Analyzer Magnet IEF/AXIOM/Acquire Oxygen Forensic

iOS Forensics: where are we now and what are we missing? · 2017. 10. 5. · iOS Forensics Tools Forensic Tools Cellebrite Physical Analyzer Magnet IEF/AXIOM/Acquire Oxygen Forensic

Documents
Jailbroken iPhone Forensics for the Investigations and … · Jailbroken iPhone Forensics for the Investigations and Controversy to Digital Evidence ... Keywords: iPhone, iOS, Jailbreak,

Jailbroken iPhone Forensics for the Investigations and … · Jailbroken iPhone Forensics for the Investigations and Controversy to Digital Evidence ... Keywords: iPhone, iOS, Jailbreak,

Documents
Mac OS X and iOS Forensics...mac os x and ios forensics looking into the past with fsevents sans dfirsummit 2017 nicole ibrahim g-c partners, llc

Mac OS X and iOS Forensics...mac os x and ios forensics looking into the past with fsevents sans dfirsummit 2017 nicole ibrahim g-c partners, llc

Documents
iOS FORENSICS: WHERE ARE WE NOW AND WHAT ARE WE … · lock-screens.html ¡ Latest available for iOS 9.3.1 ¡ CVE-2016-1852 ¡ “Siri in Apple iOS before 9.3.2 does not block data

iOS FORENSICS: WHERE ARE WE NOW AND WHAT ARE WE … · lock-screens.html ¡ Latest available for iOS 9.3.1 ¡ CVE-2016-1852 ¡ “Siri in Apple iOS before 9.3.2 does not block data

Documents
Powerpoint Templates Page 1 Powerpoint Templates iOS Security and Forensics

Powerpoint Templates Page 1 Powerpoint Templates iOS Security and Forensics

Documents
iOS Forensics: Overcoming iPhone Data Protection...iOS Forensics 101 • iOS is modified version of Mac OS X • Familiar environment • iOS enforces additional security • Code

iOS Forensics: Overcoming iPhone Data Protection...iOS Forensics 101 • iOS is modified version of Mac OS X • Familiar environment • iOS enforces additional security • Code

Documents
Forensics & Anti- Forensics

Forensics & Anti- Forensics

Documents
RecurityLabs Developments in IOS Forensics

RecurityLabs Developments in IOS Forensics

Documents
iOS Forensics: where are we now and what are we missing? · PDF fileSANS FOR 585 -Advanced Smartphone Forensics . 60

iOS Forensics: where are we now and what are we missing? · PDF fileSANS FOR 585 -Advanced Smartphone Forensics . 60

Documents
Comp ter Forensics It’s NotComputer Forensics: It’s … ter Forensics It’s NotComputer Forensics: ... Computer Forensics Can be Useful with ... Solid state drives & deleted file

Comp ter Forensics It’s NotComputer Forensics: It’s … ter Forensics It’s NotComputer Forensics: ... Computer Forensics Can be Useful with ... Solid state drives & deleted file

Documents
COMPUTER FORENSICS - Boise Chapter€¦ · 3 Mobile device forensics 4 Other 5 References Computer forensics Main article: computer forensics ... 1.19 Computer Forensics Solution

COMPUTER FORENSICS - Boise Chapter€¦ · 3 Mobile device forensics 4 Other 5 References Computer forensics Main article: computer forensics ... 1.19 Computer Forensics Solution

Documents
iOS FORENSICS: WHERE ARE WE NOW AND WHAT ARE … · iOS FORENSICS: WHERE ARE WE NOW AND WHAT ARE WE MISSING? ... iPhone 2G A1203 M68AP iPhone1,1 2007 4, 8, 16 . ... ¡ itunesstored.2.log

iOS FORENSICS: WHERE ARE WE NOW AND WHAT ARE … · iOS FORENSICS: WHERE ARE WE NOW AND WHAT ARE WE MISSING? ... iPhone 2G A1203 M68AP iPhone1,1 2007 4, 8, 16 . ... ¡ itunesstored.2.log

Documents
Learning iOS Forensics - Sample Chapter

Learning iOS Forensics - Sample Chapter

Documents
Cisco IOS XR memory forensics analysis · 2020-02-12 · I - IOS XR internals & forensics analysis We would like to be able to analyze a router to know if it was compromised For that

Cisco IOS XR memory forensics analysis · 2020-02-12 · I - IOS XR internals & forensics analysis We would like to be able to analyze a router to know if it was compromised For that

Documents
iOS Forensics: where are we now and what are we missing?

iOS Forensics: where are we now and what are we missing?

Technology