Upload
kamal-patel
View
59
Download
0
Embed Size (px)
Citation preview
iOS Forensics
Presented By:
Riddhi Ghevariaya(141060753015)
Kamal Patel(141060753011)
Khushbu Patel(141060753012)
Komal Patel(141060753013)
IEEE Seminar on Advanced Programming on Mobile Devices – I ( 3725304 )
At: GTU PG SCHOOL,GANDHINAGAR
Contents
• Introduction
• Procedure of case study
• Example
• Objective
• Conclusion and Future work
• References
Introduction
Forensic
The process of gathering evidence of sometype of incident or crime that may involvesmobile devices(i.e., The concept of forensics is fordigital evidence).
Procedure of Case study
• Step 1:Preparation
I. Inspect the iphone
II. Record all the work
III. Undertake research
• Step 2: Forensic copy
I. Create a physical forensic copy
II. Hashing it using a cryptography.
Steps of Case study
• Step 3: Forensic Analysis
I. Analysis the system
II. Analysis the catalog file to check existing image file
III. Analysis the journal file or deleted image file
IV. Compare both files
V. Search and recover the deleted file
VI. Locate the cryptography
VII. Decrypt the image file and verify its timestamp
Steps of Case study
• Step 4:Reporting
The challenge of presenting digitalevidence in court of low (i.e., Finding areexplained in a manner that is understanding toinvestigator, judiciary and other decision makers.
e.g., Recovering a deleted image.
What to do with Forensic copy?
Forensiccopy OK?
# RepairOK?
Decrypt thedeleted imagefile is OK?
Recovery ofdeletedimage file
Abort work.Proceed toStep 4 forreporting.
Step 3
Step 4
YES
NO NO
YESNO
NO
YES
Objective
• To provide an evidence that can be useful inCourt of Low.
Conclusion and Future work
• We are able to recover deleted images fileswith timestamp in a forensically soundmanner. Future research opportunities includeundertaking the process outlined in thisresearch for newer iOS devices.
References
• Morrissey, S. & Campbell, T. (2010), IOS forensic analysis for iPhone, iPad,and iPod Touch. Après, New York.
• Aswami Ariffin, Christian D’Orazio, Kim-Kwang Raymond Choo, Jill Slay “iOSForensics: How can we recover deleted image files with timestamp in aforensically sound manner?” at IEEE International Conference onAvailability, Reliability and Security 2013 .
Any Question?