Mobile Devices: iPhone Risks and Forensic Tool Capability

aut.embargo: No (en)
aut.thirdpc.contains: No
aut.thirdpc.permission: No
aut.thirdpc.removed: No
dc.contributor.advisor: Cusack, Brian
dc.contributor.author: Knight, Benjamin Andrew
dc.date.accessioned: 2011-05-02T21:35:47Z
dc.date.available: 2011-05-02T21:35:47Z
dc.date.copyright: 2010
dc.date.issued: 2010
dc.date.updated: 2011-05-02T20:51:28Z
dc.description.abstract: The research evaluates the capability of software-based tools that extract data stored on an Apple iPhone. A literature review is performed covering material on: mobile devices, iPhone, hard disks, networking connectivity, usage environments, data integrity, evidence volatility, data extraction methods and operating systems. Literature shows that iPhone data extraction is complex due to hardware and software limitations. Understanding the capability of the tool used to retrieve data is important in ensuring a sound investigation. Based on the literature, a research methodology is defined. A descriptive approach is selected. The research process is split into three phases: test iPhone capability, evaluate extraction tools and compare extraction tools. At each phase data is collected, processed and analysed. At the first stage a “catalog” of known data stored on the iPhone is collected. At the second phase an audit “journal” of procedure and “extraction log” of extracted data is collected. At the last phase a sample set of weighted scenarios is used to analyse tool capability. Research findings indicate 12,963 files were extracted from an iPhone and classified in the catalog. Operating system limitations restrict user access to the iPhone file system. A method of opening access, known as jailbreaking, can be used to bypass such restrictions. Of the files in the catalog the highest result obtained by an extraction tool is 797 from Oxygen Forensics Suite 2010 and the lowest result is 178 from Device Seizure. Scenario analysis indicates Oxygen Forensics Suite 2010 works better in case scenarios whereas non-forensic tools have more limitations. Discussion of findings indicates that SQLite and Property List files are common sources of data storage on the iPhone. Analysis into the iPhone operating system shows that Apple has put multiple controls in place to limit access to the stored data. There is potential for further research in expanding research into extraction tool capability.
dc.identifier.uri: https://hdl.handle.net/10292/1196
dc.language.iso: en (en_NZ)
dc.publisher: Auckland University of Technology
dc.rights.accessrights: OpenAccess
dc.subject: Forensics
dc.subject: iPhone
dc.subject: Computer forensics
dc.subject: Digital forensics
dc.subject: Tool capability
dc.subject: Mobile devices
dc.title: Mobile Devices: iPhone Risks and Forensic Tool Capability
dc.type: Thesis
thesis.degree.grantor: Auckland University of Technology
thesis.degree.level: Masters Theses
thesis.degree.name: Master of Forensic Information Technology
Files
Original bundle
Name: KnightBA.pdf
Size: 2.28 MB
Format: Adobe Portable Document Format
Description: Whole thesis