Skip to Main Content
iPhone Forensics
book

iPhone Forensics

by Jonathan Zdziarski
September 2008
Intermediate to advanced content levelIntermediate to advanced
140 pages
3h 31m
English
O'Reilly Media, Inc.
Content preview from iPhone Forensics

Chapter 4. Forensic Recovery

In the previous chapter, you learned how to install a recovery toolkit on the iPhone. When the toolkit is installed, an OpenSSH daemon begins accepting connections on the device, and a Unix world is ready to service requests from the examiner. This chapter walks you through the process of configuring the iPhone to communicate with your desktop on the same Wi-Fi network so you can recover the raw media partition. Once recovered, you’ll be introduced to data recovery tools for carving and validating files, which you’ll use for further recovery of deleted files.

Configuring Wi-Fi and SSH

The media partition must be recovered over Wi-Fi, so your wireless network must be configured to connect the iPhone and desktop machine. Depending on the level of integrity your examination requires, the following options are available, each with differing levels of complexity:

  • Use an insecure access point with or without an encrypted tunnel or MD5 digests

  • Use a WPA-encrypted or WEP-encrypted access point

  • Use an ad-hoc network

WEP-encrypted networks suffer from an initialization vector vulnerability, where a malicious actor could deduce the network key by watching encrypted traffic as it flows across the network. This means that a WEP-encrypted network is susceptible to potential tampering while your data is in transit. To counter this, you may choose to use a network supporting WPA (Wi-Fi Protected Access), which is newer and more secure. Alternatively, the md5 utility, installed ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

iPhone and iOS Forensics

iPhone and iOS Forensics

Andrew Hoog, Katie Strzempka

Publisher Resources

ISBN: 9780596153588Supplemental ContentErrata Page