Skip to content

Apple iphone

The iPhone is a smartphone made by Apple Inc. and sold with service through AT&T. It can be used to send/receive email (see IPhone Mail Header Format, keep schedules, surf the web, and view videos from YouTube. A large number of forensic products can process iPhones, see Tools section.

In December 2009, Nicolas Seriot presented a paper 1 in combination with a harvesting application named SpyPhone. This application grabs data as sensitive as location data and a cache of keyboard words. It neither requires jailbreaking nor makes Private API calls (which Apple's App Store does not allow in any application it distributes).

Tools

  • Belkasoft Evidence Center by Belkasoft can make iPhone logical acquisition and analyze iOS backups and dumps.
  • Cellebrite BlackBag Technology Mobilyze
  • Cellebrite UFED
  • Elcomsoft Mobile Forensic Bundle performs physical, logical and over-the-air acquisition.
  • EnCase Neutrino
  • Internet Evidence Finder by Magnet Forensics
  • iPhone Analyzer
  • iphone-dataprotection; a set of tools that can image and decrypt an iPhone. The tools can even brute-force the iPhone's 4-digit numerical password.
  • libimobiledevice is a library with utilities for backing up iPhones. The output format is an iTunes-style backup that can be examined with traditional tools. They are available in the Debian-testing packages libimobiledevice and libimobiledevice-utils.
  • Logicube CellDEK
  • MacLock Pick
  • Micro Systemation .XRY
  • Mobile Sync Browser
  • Nuix Desktop can detect and analyse many databases from iOS and iPhones and can directly ingest HFSX dd images.
  • Oxygen Forensic Suite
  • Paraben Device Seizure
  • SpyPhone

Publications