Suche senden
Hochladen
File000150
•
2 gefällt mir
•
1,205 views
Desmond Devendran
Folgen
Technologie
News & Politik
Melden
Teilen
Melden
Teilen
1 von 97
Jetzt herunterladen
Downloaden Sie, um offline zu lesen
Empfohlen
File000151
File000151
Desmond Devendran
File000152
File000152
Desmond Devendran
File000148
File000148
Desmond Devendran
File000142
File000142
Desmond Devendran
File000141
File000141
Desmond Devendran
File000149
File000149
Desmond Devendran
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computers
Vi Tính Hoàng Nam
Ce hv6 module 50 software piracy and warez
Ce hv6 module 50 software piracy and warez
Vi Tính Hoàng Nam
Empfohlen
File000151
File000151
Desmond Devendran
File000152
File000152
Desmond Devendran
File000148
File000148
Desmond Devendran
File000142
File000142
Desmond Devendran
File000141
File000141
Desmond Devendran
File000149
File000149
Desmond Devendran
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computers
Vi Tính Hoàng Nam
Ce hv6 module 50 software piracy and warez
Ce hv6 module 50 software piracy and warez
Vi Tính Hoàng Nam
File000143
File000143
Desmond Devendran
Ce hv6 module 41 hacking usb devices
Ce hv6 module 41 hacking usb devices
Vi Tính Hoàng Nam
File000144
File000144
Desmond Devendran
Ce hv6 module 66 security convergence
Ce hv6 module 66 security convergence
Vi Tính Hoàng Nam
Ce hv6 module 47 spying technologies
Ce hv6 module 47 spying technologies
Vi Tính Hoàng Nam
Ceh v5 module 17 physical security
Ceh v5 module 17 physical security
Vi Tính Hoàng Nam
File000139
File000139
Desmond Devendran
File000115
File000115
Desmond Devendran
Ce hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data loss
Vi Tính Hoàng Nam
Ce hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atom
Vi Tính Hoàng Nam
CHFI 1
CHFI 1
Desmond Devendran
Ce hv6 module 62 case studies
Ce hv6 module 62 case studies
Vi Tính Hoàng Nam
Ceh v5 module 12 web application vulnerabilities
Ceh v5 module 12 web application vulnerabilities
Vi Tính Hoàng Nam
Ce hv6 module 61 threats and countermeasures
Ce hv6 module 61 threats and countermeasures
Vi Tính Hoàng Nam
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprinting
Vi Tính Hoàng Nam
Ce hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologies
Vi Tính Hoàng Nam
Ch13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security Devices
phanleson
Presentation
Presentation
Musole Dominic
Cscu module 04 data encryption
Cscu module 04 data encryption
Alireza Ghahrood
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Priyanka Aash
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]
Vlad Onyk
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]
Vlad Onyk
Weitere ähnliche Inhalte
Was ist angesagt?
File000143
File000143
Desmond Devendran
Ce hv6 module 41 hacking usb devices
Ce hv6 module 41 hacking usb devices
Vi Tính Hoàng Nam
File000144
File000144
Desmond Devendran
Ce hv6 module 66 security convergence
Ce hv6 module 66 security convergence
Vi Tính Hoàng Nam
Ce hv6 module 47 spying technologies
Ce hv6 module 47 spying technologies
Vi Tính Hoàng Nam
Ceh v5 module 17 physical security
Ceh v5 module 17 physical security
Vi Tính Hoàng Nam
File000139
File000139
Desmond Devendran
File000115
File000115
Desmond Devendran
Ce hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data loss
Vi Tính Hoàng Nam
Ce hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atom
Vi Tính Hoàng Nam
CHFI 1
CHFI 1
Desmond Devendran
Ce hv6 module 62 case studies
Ce hv6 module 62 case studies
Vi Tính Hoàng Nam
Ceh v5 module 12 web application vulnerabilities
Ceh v5 module 12 web application vulnerabilities
Vi Tính Hoàng Nam
Ce hv6 module 61 threats and countermeasures
Ce hv6 module 61 threats and countermeasures
Vi Tính Hoàng Nam
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprinting
Vi Tính Hoàng Nam
Ce hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologies
Vi Tính Hoàng Nam
Ch13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security Devices
phanleson
Presentation
Presentation
Musole Dominic
Cscu module 04 data encryption
Cscu module 04 data encryption
Alireza Ghahrood
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Priyanka Aash
Was ist angesagt?
(20)
File000143
File000143
Ce hv6 module 41 hacking usb devices
Ce hv6 module 41 hacking usb devices
File000144
File000144
Ce hv6 module 66 security convergence
Ce hv6 module 66 security convergence
Ce hv6 module 47 spying technologies
Ce hv6 module 47 spying technologies
Ceh v5 module 17 physical security
Ceh v5 module 17 physical security
File000139
File000139
File000115
File000115
Ce hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data loss
Ce hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atom
CHFI 1
CHFI 1
Ce hv6 module 62 case studies
Ce hv6 module 62 case studies
Ceh v5 module 12 web application vulnerabilities
Ceh v5 module 12 web application vulnerabilities
Ce hv6 module 61 threats and countermeasures
Ce hv6 module 61 threats and countermeasures
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprinting
Ce hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologies
Ch13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security Devices
Presentation
Presentation
Cscu module 04 data encryption
Cscu module 04 data encryption
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Andere mochten auch
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]
Vlad Onyk
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]
Vlad Onyk
How to boot a VM form a Forensic Image
How to boot a VM form a Forensic Image
Krešimir Hausknecht
Mac Forensics
Mac Forensics
CTIN
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti Forensics
Mike Spaulding
Linux forensics
Linux forensics
Santosh Khadsare
WhatsApp Forensic
WhatsApp Forensic
Animesh Shaw
Types of Irrigation
Types of Irrigation
Pranamesh Chakraborty
Andere mochten auch
(8)
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]
How to boot a VM form a Forensic Image
How to boot a VM form a Forensic Image
Mac Forensics
Mac Forensics
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti Forensics
Linux forensics
Linux forensics
WhatsApp Forensic
WhatsApp Forensic
Types of Irrigation
Types of Irrigation
Ähnlich wie File000150
File000092
File000092
Desmond Devendran
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
Prem Kumar (OSCP)
128-ch3.pptx
128-ch3.pptx
DeepakPanchal65
Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !
Veduruparthy Bharat
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Honeywell
Security Issues in Internet of Things
Security Issues in Internet of Things
Lohith Haravu Chandrashekar
Introduction to Embedded Linux
Introduction to Embedded Linux
Hossain Reja
ITE v5.0 - Chapter 8
ITE v5.0 - Chapter 8
Irsandi Hasan
POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA
Aiman Hud
Programing for the iPhone
Programing for the iPhone
Mike Qaissaunee
iOS Forensics: where are we now and what are we missing?
iOS Forensics: where are we now and what are we missing?
Reality Net System Solutions
iPhone Sdk Winter Conference
iPhone Sdk Winter Conference
Mike Qaissaunee
Fa13 7718-ch2-mayers
Fa13 7718-ch2-mayers
Mary-Jo Apigo
Lesson 01 introduction to computer
Lesson 01 introduction to computer
Rodz Tech
File000129
File000129
Desmond Devendran
Defcon 22-cesar-cerrudo-hacking-traffic-control-systems
Defcon 22-cesar-cerrudo-hacking-traffic-control-systems
Priyanka Aash
pda forensics
pda forensics
saddamhusain hadimani
Firmware analysis 101
Firmware analysis 101
veerababu penugonda(Mr-IoT)
iPhone 3GS
iPhone 3GS
Shiv Prakash
CH. 5 Computer Security and Safety, Ethics and Privacy
CH. 5 Computer Security and Safety, Ethics and Privacy
malik1972
Ähnlich wie File000150
(20)
File000092
File000092
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
128-ch3.pptx
128-ch3.pptx
Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Security Issues in Internet of Things
Security Issues in Internet of Things
Introduction to Embedded Linux
Introduction to Embedded Linux
ITE v5.0 - Chapter 8
ITE v5.0 - Chapter 8
POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA
Programing for the iPhone
Programing for the iPhone
iOS Forensics: where are we now and what are we missing?
iOS Forensics: where are we now and what are we missing?
iPhone Sdk Winter Conference
iPhone Sdk Winter Conference
Fa13 7718-ch2-mayers
Fa13 7718-ch2-mayers
Lesson 01 introduction to computer
Lesson 01 introduction to computer
File000129
File000129
Defcon 22-cesar-cerrudo-hacking-traffic-control-systems
Defcon 22-cesar-cerrudo-hacking-traffic-control-systems
pda forensics
pda forensics
Firmware analysis 101
Firmware analysis 101
iPhone 3GS
iPhone 3GS
CH. 5 Computer Security and Safety, Ethics and Privacy
CH. 5 Computer Security and Safety, Ethics and Privacy
Mehr von Desmond Devendran
Siam key-facts
Siam key-facts
Desmond Devendran
Siam foundation-process-guides
Siam foundation-process-guides
Desmond Devendran
Siam foundation-body-of-knowledge
Siam foundation-body-of-knowledge
Desmond Devendran
Enterprise service-management-essentials
Enterprise service-management-essentials
Desmond Devendran
Service Integration and Management
Service Integration and Management
Desmond Devendran
Diagram of iso_22301_implementation_process_en
Diagram of iso_22301_implementation_process_en
Desmond Devendran
File000176
File000176
Desmond Devendran
File000175
File000175
Desmond Devendran
File000174
File000174
Desmond Devendran
File000173
File000173
Desmond Devendran
File000172
File000172
Desmond Devendran
File000171
File000171
Desmond Devendran
File000170
File000170
Desmond Devendran
File000169
File000169
Desmond Devendran
File000168
File000168
Desmond Devendran
File000167
File000167
Desmond Devendran
File000166
File000166
Desmond Devendran
File000165
File000165
Desmond Devendran
File000164
File000164
Desmond Devendran
File000163
File000163
Desmond Devendran
Mehr von Desmond Devendran
(20)
Siam key-facts
Siam key-facts
Siam foundation-process-guides
Siam foundation-process-guides
Siam foundation-body-of-knowledge
Siam foundation-body-of-knowledge
Enterprise service-management-essentials
Enterprise service-management-essentials
Service Integration and Management
Service Integration and Management
Diagram of iso_22301_implementation_process_en
Diagram of iso_22301_implementation_process_en
File000176
File000176
File000175
File000175
File000174
File000174
File000173
File000173
File000172
File000172
File000171
File000171
File000170
File000170
File000169
File000169
File000168
File000168
File000167
File000167
File000166
File000166
File000165
File000165
File000164
File000164
File000163
File000163
Kürzlich hochgeladen
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
The Digital Insurer
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Sinan KOZAK
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Neo4j
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
Pooja Nehwal
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Allon Mureinik
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
Kürzlich hochgeladen
(20)
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
File000150
1.
Module XXXVII –
iPod and iPhone Forensics
2.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: Students Charged: iPod Used as Criminal Tool Source: http://www.mobilemag.com/content/print.php?content=11780
3.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: Sparking iPod Ignites Investigation in Japan Source: http://www.macnewsworld.com/story/62089.html?wlc=1221297637
4.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: iPhone Tantalizes, Frustrates Forensics Experts Source: http://www.wired.com
5.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Objective • iPod • iPhone Overview • iPhone OS Overview • iPhone Disk Partitions • Apple HFS+ and FAT32 • iPod and iPhone Forensics • Write Blocking • Write Blocking in Different OS • Recover IPSW File • Forensic information from the windows registry • Timeline Generation • Tools This module will familiarize you with:
6.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Flow iPod iPhone Overview iPhone OS Overview iPhone Disk Partitions Apple HFS+ and FAT32 iPod and iPhone Forensics Write Blocking Write Blocking in Different OS Recover IPSW File Forensic information from the windows registry Timeline Generation Tools
7.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iPod iPod is a portable digital audio and video player offering a huge storage capacity • It is an iPod with Wi-Fi and a Multi- Touch interface • It features Safari browser and wireless access to the iTunes Store and YouTube • It has iPhone OS as operating system iPod Touch:
8.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iPhone Overview The iPhone is an Internet-connected multimedia Smartphone designed and marketed by Apple Inc. with a multi-touch screen and a minimal hardware interface • Phone • Mail • Safari • iPod • SMS • Maps with GPS • iTunes • App Store • Calendar • YouTube • Photos + Camera • Stocks, Weather, Notes • Calculator Features:
9.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited What a Criminal Can Do with an iPod • Calendar entries may contain dates of crime or other events that are related to crime • Contact information of conspirators or victims along with photos or other documentation are transferred and stored on iPod • iPod devices can be used to spread viruses and child pornography A criminal uses the iPod and all its features in a variety of ways:
10.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited What a Criminal Can Do with an iPhone Send the viruses and Trojans to other users Use for distributing child pornography images and videos Data theft Store and transmit personal and corporate information Send threatening or offensive SMS and MMS Attackers who aware of the SIM properties can manipulate it Clone the SIM data for illicit use Remove the Service Provider Lock (SP-Lock), limit the MS to a single network Spamming
11.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iPhone OS Overview iPhone OS is the operating system developed by Apple Inc. for iPhone and iPod touch It is derived from Mac OS X and uses the Darwin foundation iPhone OS has four abstraction layers: • The core OS layer • The core services layer • The media layer • The cocoa touch layer It takes less than half a GB of the device's total memory storage iPhone OS Cocoa Touch Media Core Services Core OS
12.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iPhone Disk Partitions iPhone’s solid state NAND flash memory is configured with two disk partitions by default • 300MB in size • It contains iPhone OS and all of the preloaded applications • It is mounted as read-only by default Root Partition: • It contains the user’s data such as music, photos etc. • It is mounted as /private/var on the iPhone User Partition:
13.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Apple HFS+ and FAT32 iPod uses the Apple HFS+ file system when the device is run with an Apple system and uses the FAT32 file system when used with a Windows PC When conducting forensics analysis of the iPod, it is important to know which type of system the iPod has been synchronized with Knowledge of the format used, makes it easier to match the iPod device to the host that it has been synchronized with
14.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Application Formats Feature Application Format Contact information vCard Calendar entries vCalendar Audio AAC, Protected AAC, MP3, MP3 VBR, Audible (formats 2, 3, and 4), Apple Lossless, AIFF, and WAV Video H.264 video, .m4v, .mp4, MPEG-4 video, and .mov
15.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iPod and iPhone Forensics iPod and iPhone Forensics refers to the recovery of digital evidence from a iPod and iPhone under forensically sound conditions using accepted methods It includes recovery and analysis of data It helps in tracing and prosecuting criminals where iPod and iPhones are used as a mean for committing the crime It also helps in other criminal cases to extract contact details and conversation or other form of communication logs Data stored in iPod and iPhones provide insight of the cases
16.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Evidence Stored on iPod and iPhone Text messages Calendar events Photos and videos Caches Logs of recent activity Map and satellite imagery Personal alarms Notes Music Email Web browsing activity Passwords and personal credentials Fragments of typed communication Voicemail Call history Contacts Information pertaining to interoperability with other devices Items of personal interest
17.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Forensic Prerequisites • Mac OS X and Windows machine with enough disk space • iPod/iPhone USB dock connector Hardware • SSH connection tools such as OpenSSH, PuTTY, SecureCRT, OpenSSH for Windows, and TeraTerm Pro Web for windows and Nifty Telnet SSH and SSH in Mac OS X for Mac OS • Secure Copy or SCP utilities such as WinSCP, PenguiNet for Windows, OpenSSH, SecPanel and Midnight Commander for Unix-like systems and Fugu and Cyberduck for Mac OS X • Latest versions of iTunes software Software • A working Wi-Fi access point • 3G and EDGE Internet access Others
18.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Collecting iPod/iPhone Connected with Mac If an iPod/iPhone is connected to a computer at the scene, check whether the device is mounted Determine whether a device is mounted by looking at the screen of the iPod/iPhone Unmount the device before disconnecting it from the computer by dragging the icon of the iPod/iPhone to the trashcan on the Macintosh desktop
19.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Collecting iPod/iPhone Connected with Windows Note the name of the iPod/iPhone on desktop before unmounting it If iPod/iPhone is connected to Windows machine, unmount it by clicking “Unplug or eject hardware” icon on the task bar Disconnect or unplug the computer, because the iPod/iPhone disk could be damaged if it is not disconnected properly
20.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Disable Automatic Syncing It prevents cross contamination of iPod/iPhone data Check the box labeled "Disable automatic syncing for all iPhones and iPods" Click the Syncing tab Select Preferences from the iTunes menu Open iTunes on the desktop machine
21.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Write Blocking Write blocking is a technique used in computer forensics in order to maintain the integrity of data storage devices While investigating the contents of iPod and iPhone, it is necessary to investigate the device without altering it Use software writer blocker such as PDBLOCK and hardware write blockers such as WiebeTech Forensic SATADock to prevent the information from alteration
22.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Write Blocking in Different OS • Change the registry key HKEY_LOCAL_MACHINESystemCurrentControls etControlStorageDevicePolicies to the hex value of 0x00000001 and restart the computer Windows: • Modify the source code for the components of OS and recompile its operating system to prevent write access to the iPod/iPhone • Change the OS configuration Linux: • It is based upon the UNIX concepts, so change the OS configuration as in the Linux Macintosh:
23.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Image the Evidence Imaging is the process of creating an exact copy of contents of a digital device It prevents the original evidence from accidental modification Use imaging tools such as EnCase to create the exact image of the iPod/iPhone Verify the source and image using hashing technique
24.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited View the iPod System Partition View the iPod system partition using hex editor iPod system partition consists of the following information: • iPod OS • Images used in the operation of the device • Games and other applications used in the device
25.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited View the Data Partition Data partition of the iPod stores the important information necessary for investigation The information includes: • Calendar entries • Contact entries • Note entries • Hidden iPod_Control directory • iTunes configuration information • Music stored on the iPod View this partition information using Forensic Toolkit, Encase, a hex editor, and various Linux and Macintosh analysis commands
26.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Break Passcode to Access the Locked iPhone • From the keypad, press the Emergency Call button • Type *#301# followed by the green [phone] button • Delete the previous entry by hitting the delete key six times • Type the number 0 followed by the green [phone] button • Answer the call by pressing the green [phone] button • End the call by pressing the red [phone] button • Press the [Decline] button • In the Contacts tab, press the [+] button at the top to create a new contact • In the Add new URL tab, Enter prefs: and press the [save] button • Touch the No Name contact entry • Click the home page prefs: button • Click the General tab in setting menu • Click the Passcode Lock tab • Click the Turn Passcode Off tab • Return to the General tab by clicking on [cancel] • Click Auto-Lock and reset it to Never
27.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Acquire the DeviceInfo File • First data item recorded in the file denotes the iPod name • Second data item denotes the username logged into the computer at the time • Third data item denotes computer name to which iPod is linked Information in the file includes: The file iPod_ControliTunesDeviceInfo on the iPod contains the important forensics information iPod keeps a persistent record of the computer with which it is initialized in DeviceInfo file iTunes create this file when the iPod is setup within iTunes and linked with the computer on which iTunes is running
28.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Acquire SysInfo File The file iPod_ControlDeviceSysInfo on the iPod contains the important forensics information • iPod model number • iPod serial number • iPod serial number presents to the computer, listed under the identification of FirewireGuid • This identifier identifies the connection of the iPod to a Windows computer and recorded in the Windowssetupapi.log file Information includes:
29.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited SysInfo File (cont’d)
30.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recover IPSW File .IPSW is iPod and iPhone Software Update file format .ipsw file contains the data about software restores and minor updates in the iPod/iPhone It is stored in the following location in the iPhone: • Library/iTunes/iPhone Software Updates .ipsw file gives information of the running, installed and uninstalled application
31.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Check the Internet Connection Status E on screen shows slower Edge network 3G icon shows the faster but limited- area third-generation network Radiating signal bars show Wi-Fi connectivity
32.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited View Firmware Version • Select Home button → Settings → General → About • Check the entry for Version In iPhone With the iPod/iPhone connected to iTunes, click on the iPod in the left column of iTunes window → go to the Summary tab
33.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recover Network Information Network information can be recovered using Devinfo application in the iPhone Devinfo application includes the following information: • Network interfaces including VPN, GPRS/EDGE/3G, WiFi • TCP/UDP connections • Routing table • Running processes • System info, memory, and disk usage
34.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recovering Data from SIM Card • Service-related information such as unique identifiers for the (U)SIM, the Integrated Circuit Card Identification (ICCID), the subscriber, and the International Mobile Subscriber Identity (IMSI) • Phonebook and call information such as Abbreviated Dialing Numbers (ADN) and Last Numbers Dialed (LND) • Messaging information including SMS, EMS, and multimedia messages • Location information, including Location Area Information (LAI) for voice communications and Routing Area Information (RAI) for data communications SIM contains important information related to the forensics investigation: • SIM Analyzer • SIMCon • SIM Card Data Recovery Software SIM card data can be recovered using the following tools:
35.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Acquire the User Account Information iPod keeps a persistent record of the computer with which it is initialized in DeviceInfo file User and computer names are saved in DeviceInfo file The username is directly underneath the iPod‘s name and the computer’s name is underneath the username in the DeviceInfo file If the username stored on the iPod is same as the username of Mac computer , then iPod is linked to suspect’s computer and suspect’s account
36.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited View the Calendar and Contact Entries Calendar and Contact Entries are found on iPod by doing string search The standard vCard and vCalendar formats store the entries on hard drive in plain text Calendar entry is stored with file header “BEGIN:VCALENDAR” The contact entry is stored with file header “BEGIN:VCARD” File headers note the beginning of each vCalendar or vCard entry and remains even if a file is deleted
37.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recovering Photos iTunes is used to manage the content of the iPhone Steps for recovering photos: • Connect the laptop with the iPhone • Run iTunes • Click the Photos tab • Adjust the setting • Specify the folder to which photos should be synced Photos can be directly downloaded using Cellebrite UME 36 Pro
38.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recovering Address Book Entries Check the address book entries, which are stored in the following database in the iPhone: • Library_AddressBook_AddressBook.sqlitedb • Library_AddressBook_AddressBookImages.sqlite db Retrieve the databases using iTunes Use the tools such as Cellebrite UME 36 Pro and WOLF to recover address book entries after connecting it with the iPhone
39.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recovering Calendar Events Check the calendar events stored in the following database in the iPhone: • Library_Calendar_Calendar.sqlitedb Retrieve this database using iTunes Use the tool Cellebrite UME 36 Pro to recover calendar events after connecting it with the iPhone
40.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recovering Call Logs Call logs are stored in the following database in the iPhone: • Library_CallHistory_call_history.db They include : • Dialed Numbers • Received Numbers • Missed Calls They can be recovered using the tool WOLF
41.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recovering Map Tile Images Map tile images are stored in the following database of the iPhone: • Library_Maps_Bookmarks.plist • Library_Maps_History.plist Use Cellebrite UME 36 Pro to directly recover map tile images after connecting it with the iPhone
42.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recovering Cookies Cookies are stored in the following database in the iPhone: • Library_Cookies_Cookies.plist It can be downloaded to a computer during an iTunes sync process
43.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recovering Cached and Deleted Email Email is stored in the following database of the iPhone: • Library_Mail_Accounts.plist • Library_Mail_AutoFetchEnabled It can be downloaded to a computer during an iTunes sync process
44.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recover Deleted Files Deleted files on the iPod are moved to “.Trashes501” folder These deleted files in the “.Trashes501” are viewed using the file viewer which recognizes the hidden files or forensics tools Once the trash is emptied, the files are deleted, but can still be found by using the deleted file recovery process of the forensic tool in the “.Trashes501” folder
45.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Forensic Information from the Windows Registry • Key created while connecting iPod/iPhone to the windows computer • Last time when registry keys were changed • Serial number of the iPod/iPhone System registry file consists of: Windows registry in the computer to which iPod is connected, contains significant information for the iPod/iPhone forensics
46.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Forensic Information from the Windows Registry (cont’d)
47.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Forensic Information from the Windows: setupapi.log Computer to which the iPod is connected consists of setupapi.log file This setupapi.log file records all the driver installation after the system is booted It records all the events when iPod is connected to the Windows system
48.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited setupapi.log (cont’d)
49.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recovering SMS Messages SMS can be recovered using the tool Tansee iPhone Transfer SMS SMS is stored in the following file in the iPhone: • Library_SMS_sms.db
50.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Other Files Which Are Downloaded to the Computer During the iTunes Sync Process Library_Keyboard_dynamic-text.dat Library_LockBackground.jpg Library_Notes_notes.db Library_Preferences_.GlobalPreferences.plist Library_Preferences_SBShutdownCookie Library_Preferences_SystemConfiguration_com.apple.AutoWake.plist Library_Preferences_SystemConfiguration_com.apple.network.identification.plist Library_Preferences_SystemConfiguration_com.apple.wifi.plist Library_Preferences_SystemConfiguration_preferences.plist Library_Preferences_com.apple.AppSupport.plist Library_Preferences_com.apple.BTServer.plist
51.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Other Files Which Are Downloaded to the Computer During the iTunes Sync Process (cont’d) Library_Preferences_com.apple.Maps.plist Library_Preferences_com.apple.MobileSMS.plist Library_Preferences_com.apple.PeoplePicker.plist Library_Preferences_com.apple.Preferences.plist Library_Preferences_com.apple.WebFoundation.plist Library_Preferences_com.apple.calculator.plist Library_Preferences_com.apple.celestial.plist Library_Preferences_com.apple.commcenter.plist Library_Preferences_com.apple.mobilecal.alarmengine.plist Library_Preferences_com.apple.mobilecal.plist
52.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Other Files Which Are Downloaded to the Computer During the iTunes Sync Process (cont’d) Library_Preferences_com.apple.mobileipod.plist Library_Preferences_com.apple.mobilemail.plist Library_Preferences_com.apple.mobilenotes.plist Library_Preferences_com.apple.mobilephone.plist Library_Preferences_com.apple.mobilephone.speeddial.plist Library_Preferences_com.apple.mobilesafari.plist Library_Preferences_com.apple.mobileslideshow.plist Library_Preferences_com.apple.mobiletimer.plist Library_Preferences_com.apple.mobilevpn.plist
53.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Other Files Which Are Downloaded to the Computer During the iTunes Sync Process (cont’d) Library_Preferences_com.apple.preferences.network.plist Library_Preferences_com.apple.preferences.sounds.plist Library_Preferences_com.apple.springboard.plist Library_Preferences_com.apple.stocks.plist Library_Preferences_com.apple.weather.plist Library_Preferences_com.apple.youtube.plist Library_Preferences_csidata Library_Safari_Bookmarks.plist Library_Safari_History.plist
54.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Analyze the Information Find out username and computer used by examining the iPod_ControliTunesDeviceInfo file Detect and recover the hidden information Use the steganalysis tools such as Stegdetect to extract the hidden information If the data is encrypted, use cryptanalysis tools such as Crank and Jipher to reveal the encrypted information If the information is password protected, use the password cracking tools such as Cain and Abel and hydra If the data is in audio or video format, use different audio/video players Check the time of different activities over the iPod Check what exactly happened, what event occurred, who was involved, and how it occurred
55.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Analyze the Information (cont’d) Identify the individuals who created, modified, or accessed a file Determine when events occurred by analyzing call logs, the date/time and content of messages and email Create the timeline of the events Recover the hidden information If the entries such as SMS, contacts, emails, etc. are encrypted then use cryptanalysis tools such as crank Use password cracking tools such as Hydra to read the password protected information Try to find out the geographical location of the attacker
56.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Timeline Generation iPod generates timestamp for each file, timestamp is the time of different activities performed on the iPod files Investigator should create the timeline schedule for analysis • iPod_ControlDeviceSysInfo modified time • iPod_ControliTunesiTunesControl creation time • iPod_ControliTunesDeviceInfo (and others) modified time • iPod when connected to the computer and initialized • Creation time for all music files • Modification time of all music files Timeline should be created depending on:
57.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Timeline Generation: File Status After Initializing the iPod with iTunes and Before Closing iTunes
58.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Timeline Generation: File Status After Connecting iPod to the Computer for Second Time, Copying Music, and Closing iTunes
59.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Time Issues iPod consists of the internal clock Forensics investigator has to understand how time is reflected in the data being analyzed • Set the time and date on the iPod different from the computer connected to it • Connect the iPod to the computer and copy some music to the iPod using iTunes; note down created, accessed, and modified times of the files • Disconnect the iPod from the computer • Check the time on the internal clock of the iPod • Play the songs on the iPod • Reconnect the iPod to the computer • Recheck the file created, accessed, and modified times Internal clock of the iPod is tested with the following steps:
60.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Jailbreaking in iPod Touch and iPhone
61.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Jailbreaking Jailbreaking allows the installation of third-party applications on iPod Touch and iPhone
62.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited AppSnapp http://jailbreakme.com/ • Patches Springboard to load third party apps • Activates non-AT&T iPhones automatically, while leaving already activated phones alone • Fixes YouTube on non-AT&T iPhones automatically, while leaving already activated phones alone • Installs Installer.app v3.0 on the iPhone/iPod Touch with Community Sources preinstalled • Fixes Apple's TIFF bug, making your device MORE secure than it was without AppSnapp • Enables afc2 protocol and adds special commands to allow killing springboard, lockdowns, etc from iPhone Features: AppSnapp is a jailbreaking tool that allow the installation of non-sanctioned third-party applications in the iPod Touch/iPhone running the 1.1.1 firmware It jailbreaks the iPod Touch/iPhone and then pushes Installer.app to the device, which contains a catalog of native applications that can be installed directly over a WiFi or EDGE connection
63.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited AppSnapp: Screenshot
64.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool for Jailbreaking: iFuntastic http://ifuntastic.com/ iFuntastic is an iPod Touch hacking and modification tool It has full file browser feature, which simply browses the iPod Touch's internal file system, and edit UI images
65.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iFuntastic: Screenshot 1
66.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iFuntastic: Screenshot 2
67.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Pwnage: Tool to Unlock iPod Touch http://wikee.iphwn.org/ Pwnage is the tool used to unlock the locked iPod Touch
68.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Erica Utilities for iPod Touch http://ericasadun.com/ Erica helps investigator to extract different forensics information about the iPod touch Features: • Query your iPod or iPhone for device attributes including platform name, processor, etc • Search the App Store from the command line. • Enter a simple query phrase
69.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tools
70.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited EnCase http://www.encase.co.za/ EnCase is the most efficient and user-friendly tool for recovering data from HFS+ file system It displays the file structure of HFS+ formatted device, including hidden folders It automatically displays deleted files Find File script is used to recover deleted files including images and Word documents
71.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited EnCase: Screenshot
72.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited DiskInternals Music Recovery DiskInternals Music Recovery is an effective solution for recovering media files which have been deleted or corrupted Even if the storage device was formatted and all information was erased, or if the information is corrupted, the media files can be recovered by using DiskInternals Music Recovery With DiskInternals Music Recovery, one will be able to restore almost any music as it supports a number of media formats, including mp3, wma, asf, wav, ogg, wv, ra, rm, vqf, mid, and voc The program also works with all file systems.; and supports Windows, Mac OS, Linux, and other disk types
73.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited DiskInternals Music Recovery: Screenshot
74.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Recover My iPod: Tool http://www.recovermyipod.com/ Specifically designed for iPod data recovery, Recover My iPod will bring back music, video and photos from an iPod drive; recovers deleted or lost files from your iPod
75.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iPod Data Recovery Software http://www.datadoctor.in/ iPod data recovery software recovers files from Apple iPods • Recover deleted songs, music, files, pictures, videos, mp3, mp4 and other files from the iPod digital music player • Support all major Apple iPods including iPod Mini, iPod Nano, iPod Shuffle and iPod first to iPod next generation audio video models • Retrieve files and folders when updated and restored using iTunes software Features:
76.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iPod Data Recovery Software: Screenshot
77.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iPod Copy Manager iPod Copy Manager is an iPod backup & recovery software By using iPod Copy Manager, songs, videos, and DVD movies can be copied easily from iPod to computer You can backup all the iPod videos and music
78.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iPod Copy Manager: Screenshot
79.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Stellar Phoenix iPod Recovery http://www.stellarinfo.com/ Stellar Phoenix iPod Recovery software recovers music files, graphics, videos, documents and other contents which have been corrupted, damaged or deleted from the iPod It recovers information from an iPod when it creates the following problems: • “The iPod ** cannot be updated, the required folder cannot be found" • "Disk is locked" • "iTunes folder cannot be found" • "Firmware update failure" • "There was an error in the iTunes Store. Please try again later." • "Unable to Check for Purchased Music because an error occurred (-5000 error)." • "Can't lock iPod. Please check if any other applications are using iPod and try again." • "Error 1428" • "Error 1417" • "Error 60" • "Error 200”
80.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Stellar Phoenix iPod Recovery: Screenshot
81.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: Aceso http://www.radio-tactics.com/ Aceso is the forensic tool which download data stored in mobile phone SIM/USIM cards, handsets and memory cards Features • Handset Access Card creation • Blocks network access for all SIM and USIM cards • Prevents overwrite of existing data • SIM/USIM Acquisition • Dual mode also supported • Handset Acquisition • 421 Supported Handsets including Blackberry, Symbian and iPhone • Data types supported: contacts, SMS, MMS, call registers, calendar, file system • Memory Card Acquisition • Raw bit-for-bit image • File system
82.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: Cellebrite UME 36 Pro http://www.cellebrite.com Cellebrite UME 36 Pro is the forensic tool which transfer all forms of memory content as a backup It support wide range of mobile phones, smart phones and PDAs including iPhone The content which Cellebrite can transfer are as following: • Pictures • Videos • Ringtones • SMS • Phonebook contacts data
83.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: Wolf http://sixthlegion.com Wolf is the application which retrieved the content stored in iPhone It extract the content without jailbreaking The content which it can extract are as follows: • Handset Info • Contacts • Call Logs • Messages • Internet Info & History • Photos • Music / Videos
84.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Wolf: Screenshot
85.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: Device Seizure http://www.paraben-forensics.com Text messages and images can be found in a physical data dump of a phone Device Seizure can acquire the following data: • SMS History (Text Messages) • Deleted SMS (Text Messages) • Phonebook • Call History Received Calls • Dialed Numbers • Missed calls • Call Dates & Durations • Datebook • Scheduler • Calendar • To-Do List • File system
86.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: PhoneView http://www.ecamm.com/ PhoneView provides easy access to iTunes media, photos, notes, SMS messages, call history and contacts Features: • File Storage Made Easy: makes it simple to transfer files between Mac and iPhone • Powerful Notes Access: it add, view and edit iPhone's Notes on Mac desktop • Export SMS Messages and Recent Calls: this information can be viewed in text editor or spreadsheet
87.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: iPhone Drive http://www.findmysoft.com/ iPhoneDrive is a Mac OS X application which allow use of iPhone for file storage Its drag and drop feature makes it easy to move files back and forth between the Mac and iPhone Features: • It stores any type of data • Copy files and folders to and from the iPhone • Back up important data
88.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited iPhone Drive: Screenshot
89.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: Tansee iPhone Transfer SMS http://pocket.qweas.com/ Tansee iPhone Transfer SMS is the tool which copies the SMS from the iPhone to the computer Features: • Backup SMS in iPhone to computer • View and manage old iPhone SMS in the computer • View SMS in text file format or ants file format on computer • Password protection support for ants file
90.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: SIM Analyzer http://cpa.datalifter.com/ SIM Analyzer is a cell phone forensics tool, that recovers the contents from SIM card of different cell phones It recovers: • Last Number Dialed, Abbreviated Dialing Numbers • Active and Deleted text (SMS) messages • All the general files found in the Telecom group as defined in the GSM 11.11v6 standards
91.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: SIMCon – SIM Card Recovery http://www.simcon.no/ SIMCon is a program that allows the user to securely image all files on a GSM/3G SIM card to a computer file with the SIMCon forensic SIM card reader Features: • Read all available files on a SIM card and store in an archive file • Analyze and interpret content of files including text messages and stored numbers • Recover deleted text messages stored on the card but not readable on phones • Manage PIN and PUK codes • Compatible with SIM and USIM cards • Print report that can be used as evidence based on user selection of items • Secure file archive using MD5 and SHA1 hash values • Export items to files that can be imported in popular spreadsheet programs
92.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited SIMCon: Screenshot
93.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: SIM Card Data Recovery Software http://www.datadoctor.in SIM Card Data Recovery Software recovers accidentally deleted data from mobile phone SIM card Features: • Retrieve all deleted contact numbers (phone numbers), unreadable messages, corrupt phone book directory • Undelete both viewed and unread inbox text SMSes, outbox messages; and draft, save, and favorite, text messages; and sent items that have been deleted from SIM card memory • Provides full details about a SIM card, like its provider and ICC–ID
94.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited SIM Card Data Recovery Software: Screenshot
95.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Summary The iPod has gathered interest from the criminal community as a tool to store information relating to their crimes Contact information of conspirators or victims along with photos or other documentation are transferred and stored on iPod iPod should be stored in a static-free bag and marked as evidence
96.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
97.
EC-Council Copyright © by
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Jetzt herunterladen