"This book is a must for anyone attempting to examine the iPhone. The level of forensic detail is excellent. If only all guides to forensics were written with this clarity!"
-Andrew Sheldon, Director of Evidence Talks, computer forensics experts
With iPhone use increasing in business networks, IT and security professionals face a serious challenge: these devices store an enormous amount of information. If your staff conducts business with an iPhone, you need to know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics supplies the knowledge necessary to conduct complete and highly specialized forensic analysis of the iPhone, iPhone 3G, and iPod Touch. This book helps you:
Determine what type of data is stored on the device
Break v1.x and v2.x passcode-protected iPhones to gain access to the device
Build a custom recovery toolkit for the iPhone
Interrupt iPhone 3G's "secure wipe" process
Conduct data recovery of a v1.x and v2.x iPhone user disk partition, and preserve and recover the entire raw user disk partition
Recover deleted voicemail, images, email, and other personal data, using data carving techniques
Recover geotagged metadata from camera photos
Discover Google map lookups, typing cache, and other data stored on the live file system
Extract contact information from the iPhone's database
Use different recovery strategies based on case needs
And more. iPhone Forensics includes techniques used by more than 200 law enforcement agencies worldwide, and is a must-have for any corporate compliance and disaster recovery plan.
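The "data carving" bullet above refers to recovering files by scanning a raw disk image for file signatures rather than walking the filesystem, which is how deleted photos whose blocks have not been reused come back. As an added illustration (not code from the book, and not Zdziarski's toolkit), the following Python carves JPEGs from a raw partition image by walking the JPEG marker structure. The practitioner's caveat it demonstrates: camera JPEGs carry an EXIF thumbnail that is itself a complete JPEG, so a naive header-to-first-footer carver truncates the photo at the thumbnail's end-of-image marker. The sample image and its simplified EXIF segment are constructed here for the demonstration.

```python
"""Signature-based carving of JPEG files from a raw disk image (illustrative)."""
import re

JPEG_SOI = b"\xff\xd8\xff"   # start of image, followed by the first marker byte
JPEG_EOI = b"\xff\xd9"       # end of image
# Bytes that may follow 0xFF inside entropy-coded scan data without ending it:
# 0x00 is byte stuffing, 0xD0-0xD7 are restart markers.
_SCAN_SKIP = {0x00} | set(range(0xD0, 0xD8))


def _jpeg_end(image: bytes, start: int, max_size: int):
    """Walk the marker segments of the JPEG beginning at `start` (FF D8) and
    return the offset just past its EOI marker, or None if the structure breaks."""
    end = min(len(image), start + max_size)
    pos = start + 2
    while pos + 2 <= end:
        if image[pos] != 0xFF:
            return None
        marker = image[pos + 1]
        if marker == 0xD9:                      # EOI: this is the real end
            return pos + 2
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # standalone TEM / RSTn
            pos += 2
            continue
        if pos + 4 > end:
            return None
        seg_len = int.from_bytes(image[pos + 2:pos + 4], "big")
        if seg_len < 2:
            return None
        pos += 2 + seg_len                      # skip the whole segment (APP1 thumbnails included)
        if marker == 0xDA:                      # SOS: entropy-coded data follows
            while pos + 1 < end:
                if image[pos] == 0xFF and image[pos + 1] not in _SCAN_SKIP:
                    break                       # a real marker: EOI, or another segment in progressive files
                pos += 1
    return None


def carve_jpegs(image: bytes, max_size: int = 16 * 1024 * 1024):
    """Return (offset, length) for each structurally valid JPEG in `image`.
    Signatures that fall inside an already carved file (embedded thumbnails) are skipped."""
    found = []
    for m in re.finditer(re.escape(JPEG_SOI), image):
        start = m.start()
        if found and start < found[-1][0] + found[-1][1]:
            continue
        end = _jpeg_end(image, start, max_size)
        if end is not None:
            found.append((start, end - start))
    return found


def naive_carve(image: bytes):
    """Header-to-first-footer carving, kept for comparison: it stops at the first
    FF D9 after each header, which for camera photos is usually the EXIF thumbnail's."""
    found = []
    for m in re.finditer(re.escape(JPEG_SOI), image):
        eoi = image.find(JPEG_EOI, m.start() + 2)
        if eoi != -1:
            found.append((m.start(), eoi + 2 - m.start()))
    return found


def build_sample_jpeg(scan_data: bytes, thumbnail: bytes = None) -> bytes:
    """Construct a minimal, structurally valid JPEG for the demo. The APP1 segment
    is a simplified stand-in for EXIF (real EXIF carries a TIFF structure first)."""
    parts = [b"\xff\xd8"]
    if thumbnail:
        body = b"Exif\x00\x00" + thumbnail
        parts.append(b"\xff\xe1" + (len(body) + 2).to_bytes(2, "big") + body)
    sos_body = b"\x01\x01\x00\x00\x3f\x00"
    parts.append(b"\xff\xda" + (len(sos_body) + 2).to_bytes(2, "big") + sos_body)
    parts.append(scan_data + b"\xff\xd9")
    return b"".join(parts)


# Constructed raw "partition": a photo with an embedded thumbnail, filler, and a second image.
THUMB = build_sample_jpeg(b"\x10\x20\x30")
PHOTO = build_sample_jpeg(b"\xaa\xff\x00\xbb\xff\xd0\xcc\xdd", thumbnail=THUMB)
SECOND = build_sample_jpeg(b"\x01\x02\x03")
SAMPLE_IMAGE = b"\x00" * 64 + PHOTO + b"\xde\xad" * 40 + SECOND + b"\x00" * 32

if __name__ == "__main__":
    print("structure-aware:", carve_jpegs(SAMPLE_IMAGE))   # [(64, 49), (193, 17)]
    print("naive:          ", naive_carve(SAMPLE_IMAGE))   # first entry truncated to 29 bytes
```

Against a real image file you would read the partition dump into `image` (or memory-map it) and write each `image[offset:offset+length]` out under a name that records the offset, so the carved file can be tied back to its location on the original evidence.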
Chapter 1 Introduction to Computer Forensics
Making Your Search Legal
Rules of Evidence
Good Forensic Practices
Chapter 2 Understanding the iPhone
Equipment You’ll Need
Determining the Firmware Version
Upgrading the iPhone Firmware
Restore Mode and Integrity of Evidence
Cross-Contamination and Syncing
Chapter 3 Accessing the iPhone
Installing the Recovery Toolkit (Firmware v1.0.2–1.1.4)
Jonathan Zdziarski is better known as the hacker "NerveGas" in the iPhone development community. He worked on the initial cracking of the iPhone and helped lead the effort to port the first open source applications. His initial book on the iPhone, iPhone Open Application Development, developed an immediate cult following and taught developers how to write applications for the popular device before the SDK was ever conceived.
Prior to the release of iPhone Forensics, Jonathan wrote and supported an iPhone forensics manual distributed exclusively to law enforcement, and has assisted many forensic examiners in their investigations. Jonathan frequently consults to law enforcement agencies and teaches an iPhone forensics workshop in his spare time to train forensic examiners and corporate security personnel.
Jonathan is also a full-time research scientist specializing in machine learning technology to combat online fraud and spam, and to develop networking products capable of learning how to better protect customers. He is founder of the DSPAM project, a high-profile, next-generation spam filter that was acquired in 2006 by Sensory Networks, Inc. He lectures widely on the topic of spam and is a foremost researcher in the fields of machine-learning and algorithmic theory.
Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects.
The animals on the cover of iPhone Forensics are least weasels (Mustela nivalis). There are 67 species of weasel, including the mink, ermine, ferret, otter, and skunk. Weasels, which are characterized by long, slender bodies and short legs, are found on all continents except Antarctica and Australia, and in a vast variety of habitats. The least weasel is the smallest of the 67 species of weasel. Weighing in at approximately two ounces and measuring less than ten inches long, the least weasel is the smallest carnivore on Earth. They are found throughout the world, in northern climates. In warm weather this weasel's coat is brown, with a white underside. In winter it turns completely white. Thanks to its camouflage abilities and its speed and agility, the least weasel is rarely caught.
The diet of the least weasel is made up primarily of voles and mice, which, because of the weasels' high metabolism, they hunt constantly. One family of these little weasels can consume thousands of rodents each year, making them important in controlling pest populations. Because it is so small, the least weasel can follow mice into their burrows and eat them there. Like other weasels, they will occasionally then make their victim's home their own, lining it with the fur of the former resident when preparing to nest. Least weasels can produce two litters a year, with three to five young per litter.
The cover image is from Lydekker's Library of Natural History. The cover font is Adobe ITC Garamond. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSansMono-Condensed.
This book is good if you're interested in how things once were, and to understand forensic methods in the iPhone, but the information in the book is completely out of date. The iOS systems have changed, some of the exploits no longer exist, and some of the files/tools used are no longer in development, have been amalgamated into other programs, or otherwise will not work with phones running current software.
Zdziarski won't update his material because he's limiting it to law enforcement, so this book is completely moot.
Bottom Line: No, I would not recommend this to a friend
This is an invaluable resource for understanding forensic details with regard to the iPhone. While it is small in size (coming in at just over 100 pages), it is dense in detail. This book provides good detail about where data on the iPhone is located, how to recover it, and how to keep your forensic footprint small.
For readers not as versed in computer forensics, the book does a good job introducing the subject. The iPhone is dissected in detail, and much information is provided regarding how to access the details of the phone that Apple doesn't want you to get at. Once you get at that information, the book shows how to extract that data onto a non-iPhone device. This is a great read for anyone who may have to deal with recovering data off an iPhone due to termination or other law enforcement issues.
My only complaint about the book is that this first edition was printed in September 2008, so it's missing some information about current versions of the iPhone firmware and hardware for the iPhone 3GS and iPhone 4. Aside from that single issue, this is an excellent resource, and certainly a great resource for hardware up to the iPhone 3 and firmware versions up to 2.x.
Bottom Line: Yes, I would recommend this to a friend
Need to examine an iPhone/iPod touch? Get this book.
For such a popular device, you'd think you would find a lot more resources for forensic examination of it. Alas, this text is the largest single wealth of information on the subject I could find. It's a good thing for us that it's very well written.
Be warned, this is not for the forensic newbie. You'll want to be comfortable with the command line at the least. More likely you're experienced with computer forensic work in general, or I hope so if you're expecting to go to court! While Jonathan does a great job writing at length about recovering the evidence and about iPhone-specific discovery, you're going to have to apply general forensics knowledge after that to finish and complete your discovery. This shouldn't be a problem for the audience of the book though.
The book covers recovery for firmware 1.0.2 through the latest release as of this writing, 2.1. Pre-1.0.2 recovery requires either a method that the author does not know about or is perhaps not feasible. In that case the author recommends upgrading the firmware as a last resort. Not a very good solution, but that's not Jonathan's fault. If anyone knows another way, please do shoot him an e-mail and he'll probably add it to the errata.
All in all an excellent book on the subject. Anyone who needs to do some iPhone/iPod touch forensics would be remiss not to pick this up. Even if you think you can just grab the payloads and do it yourself, there are a lot of pitfalls and helpful advice on evidence collection and discovery you'll be missing out on!