Wednesday, 18 April 2012

iPhone Forensics

The book I read to research this post was iPhone Forensics by Jonathan Zdziarski, which is an excellent book that I bought from Amazon. Some examples of where iPhone forensics is used: in a stalking case it may be necessary to prove someone phoned someone repeatedly, or in a drug case that someone used Google Maps to locate where a dealer lived so he could buy drugs. Some criminals are crafty; something often heard is "the phone isn't mine, I merely got it off someone who owed me money". This can often be proven one way or another by checking whether the firmware has been updated via a computer, as that leaves a trace as to which computer it was.

It's necessary to make at least 3 copies of the hard drive on an iPhone when doing digital forensics: one to archive, one to work with & one in case the defence want to get an expert to examine it. You mustn't change anything when copying it, which means using some kind of write blocker & disabling it from the network so that no one can phone it. Usually when you copy an iPhone you do it by wireless, as it is more straightforward than using the serial port. The copy is normally done using MD5 software. The digital discovery is mostly done using an open source tool called iLiberty+. Any databases, like phone number history or browser history, will be done using SQLite.

Finally, unless the phone is unusable, it's vital you don't upgrade the firmware, as in particular it can rename files, which makes your job more difficult. One other point is that you can't take too many notes, & it's vital you can answer any of the defence's questions, as otherwise they can have your evidence thrown out.
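As an added illustration (not code from the book or from any tool named above), the sketch below checks that the archive, working and defence copies all carry the same MD5 digest, then counts repeated calls in the working copy over a read-only SQLite connection. The table name `call`, its columns, the file names and the phone numbers are constructed assumptions.

```python
import hashlib, shutil, sqlite3, tempfile
from pathlib import Path

def md5_of(path, chunk=1 << 20):
    """Stream the file through MD5 so a large image need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_copies(original, copies):
    """Return the reference digest and the copies whose digest differs."""
    ref = md5_of(original)
    return ref, [str(c) for c in copies if md5_of(c) != ref]

def repeated_calls(db_path, min_calls=3):
    """Numbers called min_calls+ times; mode=ro and immutable=1 stop SQLite writing."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro&immutable=1"
    con = sqlite3.connect(uri, uri=True)
    try:
        return con.execute(
            "SELECT address, COUNT(*) FROM call GROUP BY address "
            "HAVING COUNT(*) >= ? ORDER BY COUNT(*) DESC", (min_calls,)).fetchall()
    finally:
        con.close()

def build_sample(dirpath):
    # Constructed data and an assumed schema, standing in for an extracted database.
    db = Path(dirpath) / "evidence.db"
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE call (address TEXT, date INTEGER, duration INTEGER)")
    rows = [("5550100", 1334700000 + i * 600, 0) for i in range(5)]
    con.executemany("INSERT INTO call VALUES (?,?,?)", rows + [("5550199", 1334710000, 42)])
    con.commit()
    con.close()
    return db

def demo():
    with tempfile.TemporaryDirectory() as d:
        original = build_sample(d)
        copies = [Path(d) / f"{n}.db" for n in ("archive", "working", "defence")]
        for c in copies:
            shutil.copyfile(original, c)
        ref, mismatched = verify_copies(original, copies)
        hits = repeated_calls(copies[1])  # query the working copy only
        return mismatched, hits, md5_of(copies[1]) == ref  # still unchanged?

if __name__ == "__main__":
    print(demo())
```

Re-hashing the working copy after the query is the step worth recording in your notes, since it shows the analysis did not alter the evidence.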
