iPhone forensics on iOS5


  1. iPhone Forensics. Satish B. Email: satishb3@securitylearn.net
  2. Chain Of Trust – Normal Mode: BootRom → Low Level Bootloader → iBoot → Kernel → User Applications
  3. Chain Of Trust – DFU Mode: BootRom → iBSS → iBEC → Kernel → RAM Disk
  4. Breaking the Chain Of Trust: limera1n BootRom Patch iBSS Patch iBEC Patch Kernel Custom RAM Disk
  5. Forensics
     • Creating and loading the forensic toolkit onto the device without damaging the evidence
     • Establishing communication between the device and the computer
     • Bypassing the iPhone passcode restrictions
     • Reading the encrypted file system
     • Recovering the deleted files
  6. References
     • iPhone data protection in depth by Jean-Baptiste Bédrune, Jean Sigwald: http://esec-lab.sogeti.com/dotclear/public/publications/11-hitbamsterdam-iphonedataprotection.pdf
     • iPhone data protection tools: http://code.google.com/p/iphone-dataprotection/
     • ‘Handling iOS encryption in forensic investigation’ by Jochem van Kerkwijk
     • iPhone Forensics by Jonathan Zdziarski
     • iPhone forensics white paper – viaforensics
     • Keychain dumper
     • 25C3: Hacking the iPhone
     • The iPhone wiki
  7. Thank You. Satishb3@securitylearn.net, http://www.securitylearn.net
