iPhone Forensics on iOS 5
iPhone Forensics
Satish B
Email: [email protected]
Chain Of Trust – Normal Mode
BootRom
Low Level Bootloader
User Applications
iBoot
Kernel
Chain Of Trust – DFU Mode
BootRom
iBSS
RAM DISK
iBEC
Kernel
Breaking the Chain Of Trust
BootRom
iBSS
Custom RAM Disk
iBEC
Kernel
limera1n
Patch
Patch
Patch
Forensics
Creating and loading a forensic toolkit onto the device without damaging the evidence
Establishing communication between the device and the computer
Bypassing the iPhone passcode restrictions
Reading the encrypted file system
Recovering deleted files
References
iPhone data protection in depth by Jean-Baptiste Bédrune, Jean Sigwald: http://esec-lab.sogeti.com/dotclear/public/publications/11-hitbamsterdam-iphonedataprotection.pdf
iPhone data protection tools: http://code.google.com/p/iphone-dataprotection/
‘Handling iOS encryption in forensic investigation’ by Jochem van Kerkwijk
iPhone Forensics by Jonathan Zdziarski
iPhone forensics white paper – viaforensics
Keychain dumper
25C3: Hacking the iPhone
The iPhone wiki