iPhone Forensics
Recovering Evidence, Personal Data, and Corporate Assets
Publisher: O'Reilly Media
Final Release Date: September 2008
Pages: 144

"This book is a must for anyone attempting to examine the iPhone. The level of forensic detail is excellent. If only all guides to forensics were written with this clarity!" - Andrew Sheldon, Director of Evidence Talks, computer forensics experts

With iPhone use increasing in business networks, IT and security professionals face a serious challenge: these devices store an enormous amount of information. If your staff conducts business with an iPhone, you need to know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics supplies the knowledge necessary to conduct complete and highly specialized forensic analysis of the iPhone, iPhone 3G, and iPod Touch. This book helps you:

  • Determine what type of data is stored on the device
  • Break v1.x and v2.x passcode-protected iPhones to gain access to the device
  • Build a custom recovery toolkit for the iPhone
  • Interrupt iPhone 3G's "secure wipe" process
  • Conduct data recovery of a v1.x and v2.x iPhone user disk partition, and preserve and recover the entire raw user disk partition
  • Recover deleted voicemail, images, email, and other personal data, using data carving techniques
  • Recover geotagged metadata from camera photos
  • Discover Google map lookups, typing cache, and other data stored on the live file system
  • Extract contact information from the iPhone's database
  • Use different recovery strategies based on case needs

And more. iPhone Forensics includes techniques used by more than 200 law enforcement agencies worldwide, and is a must-have for any corporate compliance and disaster recovery plan.

Customer Reviews

Average rating: 3.0 (based on 4 reviews)

Ratings Distribution

  • 5 Stars: 0
  • 4 Stars: 2
  • 3 Stars: 0
  • 2 Stars: 2
  • 1 Star: 0

33% of respondents would recommend this to a friend.

(6 of 6 customers found this review helpful)

 
2.0

Good for academia, but outdated

By RP

from Vancouver, BC

Verified Reviewer

Comments about oreilly iPhone Forensics:

This book is good if you're interested in how things once were, and to understand forensic methods in the iPhone, but the information in the book is completely out of date. The iOS systems have changed, some of the exploits no longer exist, and some of the files/tools used are no longer in development, have been amalgamated into other programs, or otherwise will not work with phones running current software.

Zdziarski won't update his material because he's limiting it to law enforcement, so this book is completely moot.

(0 of 2 customers found this review helpful)

 
4.0

Great introduction to iPhone forensics

By ueberhund

from Salt Lake City, UT

About Me: Developer

Verified Reviewer

Pros

  • Accurate
  • Concise
  • Easy to understand
  • Well-written

Cons

  • Not comprehensive enough

Best Uses

  • Intermediate
  • Novice

Comments about oreilly iPhone Forensics:

This is an invaluable resource to understanding forensic details in regards to the iPhone. While it is small in size (coming in at just over 100 pages), it is dense in detail. This book provides good detail about where data on the iPhone is located, how to recover it, and how to keep your forensic footprint small.

For readers not as versed in computer forensics, the book does a good job introducing the subject. The iPhone is dissected in detail, and much information is provided regarding how to access the details of the phone that Apple doesn't want you to get at. Once you get at that information, the book shows how to extract that data onto a non-iPhone device. This is a great read for anyone who may have to deal with recovering data off an iPhone due to termination or other law enforcement issues.

My only complaint about the book is that this first edition was printed in September 2008, so it's missing some information about current versions of the iPhone firmware and hardware for the iPhone 3GS and iPhone 4. Aside from that single issue, this is an excellent resource, and certainly a great resource for hardware up to the iPhone 3 and firmware versions up to 2.x.

(6 of 7 customers found this review helpful)

 
2.0

Outdated information

By Mike

from Austin, Texas

About Me: Sys Admin

Verified Reviewer

Pros

  • Easy to understand

Comments about oreilly iPhone Forensics:

Useless outdated information. Save your money.

(1 of 2 customers found this review helpful)

4.0

Need to examine an iPhone/iPod Touch? Get this book.

By Anonymous

from Undisclosed

Comments about oreilly iPhone Forensics:

For such a popular device, you'd think you would find a lot more resources for forensic examination of it. Alas, this text is the largest single wealth of information on the subject I could find. It's a good thing for us that it's very well written.

Be warned, this is not for the forensic newbie. You'll want to be comfortable with the command line at the least. More likely you're experienced with computer forensic work in general, or I hope so if you're expecting to go to court! While Jonathan does a great job writing at length about recovering the evidence and of iPhone-specific discovery, you're going to have to apply general forensics knowledge after that to finish and complete your discovery. This shouldn't be a problem for the audience of the book though.

The book covers recovery for firmware 1.0.2 through the latest release as of this writing, 2.1. Pre-1.0.2 recovery requires either a method that the author does not know about or is perhaps not feasible. In that case the author recommends upgrading the firmware as a last resort. Not a very good solution, but that's not Jonathan's fault. If anyone knows another way, please do shoot him an e-mail and he'll probably add it to the errata.

All in all an excellent book on the subject. Anyone who needs to do some iPhone/iPod Touch forensics would be remiss not to pick this up. Even if you think you can just grab the payloads and do it yourself, there's a lot of pitfalls and helpful advice on evidence collection and discovery you'll be missing out on!
