Skip to Main content Skip to Navigation
Conference papers

An Open Source Toolkit for iOS Filesystem Forensics

Abstract : Despite the fact that every iOS release introduces new security restrictions that must be overcome in order to recover data from iPhones, the locations where the data of interest resides are generally consistent. This paper analyzes the iOS filesystem and identifies files and directories that contain data that can aid investigations of traditional crimes involving iPhones as well as hacking and cracking attacks launched from iPhones. Additionally, best practices for minimizing the false positive rate during data carving are identified. These findings are implemented in an open source forensic investigation toolkit that operates in a forensically-sound manner.
Document type :
Conference papers
Complete list of metadatas

Cited literature [5 references]  Display  Hide  Download

https://hal.inria.fr/hal-01393773
Contributor : Hal Ifip <>
Submitted on : Tuesday, November 8, 2016 - 10:49:28 AM
Last modification on : Thursday, March 5, 2020 - 4:46:33 PM
Document(s) archivé(s) le : Tuesday, March 14, 2017 - 11:50:27 PM

File

978-3-662-44952-3_15_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Ahmad Cheema, Mian Iqbal, Waqas Ali. An Open Source Toolkit for iOS Filesystem Forensics. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.227-235, ⟨10.1007/978-3-662-44952-3_15⟩. ⟨hal-01393773⟩

Share

Metrics

Record views

347

Files downloads

2487