Skip to Main content Skip to Navigation
Conference papers

An Open Source Toolkit for iOS Filesystem Forensics

Abstract : Despite the fact that every iOS release introduces new security restrictions that must be overcome in order to recover data from iPhones, the locations where the data of interest resides are generally consistent. This paper analyzes the iOS filesystem and identifies files and directories that contain data that can aid investigations of traditional crimes involving iPhones as well as hacking and cracking attacks launched from iPhones. Additionally, best practices for minimizing the false positive rate during data carving are identified. These findings are implemented in an open source forensic investigation toolkit that operates in a forensically-sound manner.
Document type :
Conference papers
Complete list of metadata

Cited literature [5 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, November 8, 2016 - 10:49:28 AM
Last modification on : Friday, July 17, 2020 - 9:50:06 PM
Long-term archiving on: : Tuesday, March 14, 2017 - 11:50:27 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Ahmad Cheema, Mian Iqbal, Waqas Ali. An Open Source Toolkit for iOS Filesystem Forensics. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.227-235, ⟨10.1007/978-3-662-44952-3_15⟩. ⟨hal-01393773⟩



Les métriques sont temporairement indisponibles