?
Solved

ipad/iphone forensics

Posted on 2015-01-12
2
Medium Priority
?
220 Views
Last Modified: 2015-01-29
what software utilities do you use for forensics analysis/acquisition of both ipads and iphones?

Also - if an iPhone was setup as a hotspot, would their be any evidence locally of which devices connected to it/how much data was used?

Likewise if an iPad was connecting to iphones for tethering purposes, would their be evidence on the iPad of what devices it has connected to and how much data was used? Can you provide details of where any such information may be found?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 40544574
You can check out this past EE which I and some experts have shared some insights
http://www.experts-exchange.com/Security/Digital_Forensics/Q_28509151.html

In fact this book pdf tpuch on the WIFI hotspot or related info e.g. in pg 145
The consolidated.db file can hold a tremendous amount of geolocation data. The
database holds goelocation data for every cell tower that the iOS device communicates
with. This data, along with corresponding data from carriers, can link a phone to a
specific location on a given date and time. Clients.plist is a database that also holds
information in reference to Wi-Fi hotspots that the device has come into contact with,
with MAC addresses, geolocation, and date/time values. All this goelocation information
is crucial in investigations where it is imperative to place an individual in the area of a
crime or at the crime scene itself. The consolidated.db and Clients.plist data will be
discussed in greater detail in Chapters 7 and 10.
http://sensperiodit.files.wordpress.com/2011/04/ios-forensic-analysis-for-iphone-ipad-and-ipod-touch.pdf
0
 
LVL 64

Expert Comment

by:btan
ID: 40557139
To add:

I would say all device including mobile are treated no difference from legal point of view as long as the chain of custody for the case concerned required this verifiable proof. In fact , applies to all IT equipment. The means of verification of such hotspot will required if that is to lead to evidence useful in supporting case.

On the context of Tethering, user can tether through Wi-Fi, Bluetooth, or USB. And also any unofficial iphone/ipad WiFi hotspot app So these are domain to check out and in specific for carrier.plist - see this link which include TetheringURL of carrier. Likely you can see this in the IPCC file (“iPhone Carrier Configuration File“) of the host machine syncing the device  http://theiphonewiki.com/wiki/Carrier.plist

Separately, on top of the previous posting on the artefacts, this article on the whereabout and evidence for the device in Apples device is useful - for a quick summary, you can jump straight into the conclusion on the "clues".
http://articles.forensicfocus.com/2013/09/03/from-iphone-to-access-point/
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question