苹果公司将于北京时间明天凌晨1时正式发布iOS 6操作系统,针对早先放出的iOS 6 GM固件,部分国外的调查人员已经进行了一定的研究,一些手机取证产品厂商也即使进行了更新和跟进(如XRY)。
下文作者归纳了iPhone 5的新功能及新特性,共各位手机取证调查人员参考。
iPhone 5 forensics – prepare to be assimilated
by Eric Robi on September 13th, 2012
in Apple, Blog, Cell phone, Computer Forensics, ESI, iOS
Apple just announced the iPhone 5 thus increasing the ubiquity of already ubiquitous iOS platform. Here in the sunny litigation destination of California the iPhone has continued its Borg-like dominance over the hearts and minds of most cell phone owners we encounter. Like the Borg on Star Trek TNG who took control of the minds of hapless humans, the iPhone 5 will no doubt continue its relentless incursion into the realm of eDiscovery. Remember, “Resistance is futile”!
As I followed the Apple launch event, a few things struck me about the iPhone 5 and iOS 6 devices that are likely to have a continued impact on mobile forensics – namely LTE, Passbook, Facebook and the cloud.
LTE
LTE or 4G is the term cell phone carriers such as Verizon and AT&T use to describe their new high speed networks. These new networks supposedly have boatloads of idle capacity just waiting to be filled with data-thirsty iPhone 5s. The obvious forensic implication is that users will be downloading significantly more data than they currently do using the overtaxed 3G networks. More data means more time spent on digital forensics. On a 3G network, an employee transferring a purloined trade secret (such as customer list) via Dropbox might find it rather time-consuing. Using an LTE network the same thief would be able to upload and then download a large file in a flash. Our testing has shown that the currently uncrowded (but sure to change soon) Verizon LTE network capable of sustained data speeds of 5-10Mb/sec. We have easily been able to transfer 100MB files in just a few minutes. Let the naughtiness commence.
Passbook
An entirely new app called Passbook is baked right into iOS 6. It is a potential treasure trove for digital forensics services just waiting to be sliced and diced. Passbook is a digital wallet that allows users to manage airline tickets, concert tickets and rewards cards such as Starbucks on their iPhones. Might an attorney want to know that a user was redeeming his gift card at a certain coffee shop or that he checked onto a particular flight? While this information might be extremely valuable in a case, it still remains to be seen if the data contained in Passbook databases will be accessible to computer forensic analysts or if it will be encrypted and off limits. We will be conducting an evaluation soon.
Facebook and the cloud
You may already be part of the Borg (ahem) Facebook collective. If you are, Apple is making resistance just a little less futile by assimilating Facebook directly into the OS. You will now be able to post a photo from your LA marathon attempt directly to Facebook while you simultaneously claim workers compensation from that nasty workplace injury. Oops. In fact, Siri will be able to post it for you so you can concentrate on your run.
Data stored in the cloud has historically posed a challenge for civil litigators to access. User IDs must be identified, subpoenas must be issued and data such as photographs can be difficult to access if a user has his or her privacy permissions set to ‘friends only’. The iOS ecosystem has the potential to bring the cloud down to earth in the form of the iPhone. Since iOS 6 will store even more data from the cloud than previous versions, it becomes a potential goldmine of eDiscovery. Tweets and Facebook posts that have been deleted from the web, may still be sitting in someone’s pocket. So potentially the cloud may not be quite so unreachable as it is today however the quantity and quality of data that can be recovered from a particular app has been highly variable in our experience. Each app stores different amounts and types of data and it can change from update to update.
I’m going to go work on my golf swing now. Don’t tell the boss. He thinks I’m at work!