Chapter 4. Forensic Recovery
In the previous chapter, you learned how to install a recovery toolkit on the iPhone. When the toolkit is installed, an OpenSSH daemon begins accepting connections on the device, and a Unix world is ready to service requests from the examiner. This chapter walks you through the process of configuring the iPhone to communicate with your desktop on the same Wi-Fi network so you can recover the raw media partition. Once recovered, you’ll be introduced to data recovery tools for carving and validating files, which you’ll use for further recovery of deleted files.
Configuring Wi-Fi and SSH
The media partition must be recovered over Wi-Fi, so your wireless network must be configured to connect the iPhone and desktop machine. Depending on the level of integrity your examination requires, the following options are available, each with differing levels of complexity:
Use an insecure access point with or without an encrypted tunnel or MD5 digests
Use a WPA-encrypted or WEP-encrypted access point
Use an ad-hoc network
WEP-encrypted networks suffer from an initialization vector vulnerability, where
a malicious actor could deduce the network key by watching encrypted
traffic as it flows across the network. This means that a WEP-encrypted
network is susceptible to potential tampering while your data is in
transit. To counter this, you may choose to use a network supporting WPA
(Wi-Fi Protected Access), which is
newer and more secure. Alternatively, the md5 utility, installed ...