iOS Forensics
Presented By:
Riddhi Ghevariaya(141060753015)
Kamal Patel(141060753011)
Khushbu Patel(141060753012)
Komal Patel(141060753013)
IEEE Seminar on Advanced Programming on Mobile Devices – I ( 3725304 )
At: GTU PG SCHOOL,GANDHINAGAR
Contents
• Introduction
• Procedure of case study
• Example
• Objective
• Conclusion and Future work
• References
Introduction
Forensic
The process of gathering evidence of some
type of incident or crime that may involve
mobile devices (i.e., the concept of forensics here is for
digital evidence).
Procedure of Case study
• Step 1: Preparation
I. Inspect the iPhone
II. Record all the work
III. Undertake research
• Step 2: Forensic copy
I. Create a physical forensic copy
II. Hash it using a cryptographic hash function
Steps of Case study
• Step 3: Forensic Analysis
I. Analyze the system
II. Analyze the catalog file to check the existing image
file
III. Analyze the journal file or deleted image file
IV. Compare both files
V. Search for and recover the deleted file
VI. Locate the cryptography
VII. Decrypt the image file and verify its timestamp
Steps of Case study
• Step 4: Reporting
The challenge of presenting digital
evidence in a court of law (i.e., findings are
explained in a manner that is understandable to
investigators, the judiciary and other decision makers).
e.g., Recovering a deleted image.
What to do with Forensic copy?
[Flowchart. Decision nodes, each with YES/NO branches: "Forensic copy OK?", "Repair OK?", "Decrypt the deleted image file is OK?". Action nodes: "Recovery of deleted image file", "Abort work.", "Proceed to Step 4 for reporting." Stage labels: Step 3, Step 4.]
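One way to implement the hashing in Step 2 and a "Forensic copy OK?" check before analysis, as an added example that is not part of the original slides. SHA-256, the function names and the sample bytes are assumptions made for illustration; the slides name no algorithm or tool.

```python
import hashlib
import io
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large image need not fit in memory

def hash_stream(stream, algorithm="sha256"):
    """Return the hex digest of a binary stream, read in chunks."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()

def record_acquisition(stream, label, log):
    """Step 2: hash the forensic copy and append the result to the work log."""
    entry = {
        "label": label,
        "algorithm": "sha256",  # assumption: the slides do not name an algorithm
        "digest": hash_stream(stream, "sha256"),
        "recorded_utc": datetime.now(timezone.utc).isoformat(),
    }
    log.append(entry)
    return entry

def copy_is_ok(stream, entry):
    """Gate before Step 3: does the working copy still match the recorded hash?"""
    return hash_stream(stream, entry["algorithm"]) == entry["digest"]

def demo():
    # Constructed sample bytes standing in for a physical image of the device.
    original = b"constructed sample image data " * 100_000
    log = []
    entry = record_acquisition(io.BytesIO(original), "sample-image (constructed)", log)

    intact = copy_is_ok(io.BytesIO(original), entry)

    # Flip a single bit to simulate a working copy that changed after acquisition.
    altered = bytearray(original)
    altered[4096] ^= 0x01
    changed_passes = copy_is_ok(io.BytesIO(bytes(altered)), entry)
    return intact, changed_passes, log

if __name__ == "__main__":
    intact, changed_passes, log = demo()
    print("unchanged copy OK:", intact)
    print("altered copy OK:  ", changed_passes)
    print("log entry:", log[0])
```

For a real image file, pass `open(path, "rb")` in place of the `io.BytesIO` objects.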
Objective
• To provide evidence that can be useful in a
court of law.
Conclusion and Future work
• We are able to recover deleted image files
with timestamp in a forensically sound
manner. Future research opportunities include
undertaking the process outlined in this
research for newer iOS devices.
References
• Morrissey, S. & Campbell, T. (2010), iOS Forensic Analysis for iPhone, iPad,
and iPod Touch. Apress, New York.
• Aswami Ariffin, Christian D’Orazio, Kim-Kwang Raymond Choo, Jill Slay, “iOS
Forensics: How can we recover deleted image files with timestamp in a
forensically sound manner?”, IEEE International Conference on
Availability, Reliability and Security, 2013.
Any Question?
