Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Information Security News: IPhone Tantalizes, Frustrates Forensics Experts

IPhone Tantalizes, Frustrates Forensics Experts

From: InfoSec News <alerts_at_infosecnews.org>
Date: Thu, 23 Aug 2007 02:34:41 -0500 (CDT)

http://www.wired.com/gadgets/wireless/news/2007/08/iphone_forensics

By Cathy B. Almeida
08.23.07

Technophiles may love the iPhone, but you criminals? Watch out. The
iPhone may reveal more about your misdeeds than you realize.

Derrick Donnelly, chief technology officer of Blackbag Technologies, a
Silicon Valley-based company specializing in Apple forensic solutions,
is tempted by the rich array of potential evidence an iPhone might
contain.

Will its data favor the defense or the prosecution? "There is more
information in there than your average cell phone," explains Donnelly.
"The ease of use lends itself to more use … and more use creates more
artifacts."

The iPhone's web, e-mail and phone functionality -- combined with its 4-
or 8-GB storage capacity -- means it can serve as a window into the
personality, lifestyle, social circle and actions of the user. "Even
though there might not be a smoking gun right in there," explains
Donnelly, "a lot of these smaller pieces could add up to a bigger piece
that could lead you to further evidence."

But not every forensics expert is convinced. "The iPhone is evil," says
Amber Schroader, CEO of Utah-based Paraben, a leader in
digital-forensics software development. "It's Mac OS X, and it's a
completely closed system."

In other words, it's not easy for a forensics team to guarantee that the
data extracted from an iPhone has not been tampered with. The result is
that juries may find reasonable doubt in how that data was extracted.

The digital-forensics industry is dominated by PC experts, mirroring the
larger percentage of PC users in the marketplace. Mac forensic analysis
is considered a highly specialized service. "To know the iPhone is to
know the Mac or vice versa," explains Donnelly. "Because it's a
different file system and a different operating system, right off the
bat the things you're usually looking for are not in the same places and
they are in a very, very different format."

But even Mac experts like Donnelly are struggling with how to get the
data off the iPhone's closed system without altering the data by turning
on the device. Currently, the iPhone is not compatible with existing
forensic software and data-extraction systems. Forensic experts may be
left with old-school techniques like photographing data as it is
displayed on the screen itself -- as if it were a yellow-taped crime
scene.

Finding a laptop or desktop computer on the scene could help
significantly. "You might not be able to get the information off the
iPhone," says Donnelly, "but you may be able to get other devices that
the iPhone was connected to." If the user had uploaded their phone's
data, analysts may find copies on the linked computer.

The vast amount of personal data the iPhone can store and personal
habits it can track means it has the potential to say a lot about the
user. But the first challenge may be getting this closed-mouthed phone
to talk.

____________________________________
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical
training and a dual-track security conference with keynote speakers
Lance Spitzner and Mikko Hypponen! - Book your seats today!
http://conference.hitb.org/hitbsecconf2007kl/
Received on Aug 23 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]