LOOKING TO iPHONE BACKUP FILES FOR EVIDENCE EXTRACTION
نویسنده
چکیده
iPhone logical backup files can provide forensic examiners with almost the entire contents of its host phone up until the point that the backup took place. This paper serves to provide an overview of the information attainable via the analysis of an iPhone backup, making references to the applicability of such analysis in the digital forensics field. The paper introduces the backup directories for various common operating systems, and exposes the contents. Information about the property lists (plist files) containing information about the backed-up device and its contents are detailed, along with the mbdb/mbdx database files, and finally the extension-less backup files, is provided. Tools such as the iphonebackupbrowser, iPhone/iPod Backup Extractor and Oxygen Forensic Suite are discussed for their suitability with extracting iPhone backup data. Finally, a taxonomy of potential information of forensic interest is included, highlighting common filenames; the contained information; and their purpose in an investigation.
منابع مشابه
Exploring the iPhone Backup made by iTunes
Apple’sTM iPhoneTM is one of the widest selling mobile on the market, thanks to its simple and user-friendly interface and ever growing pool of available high quality applications for both personal and business use. The increasing use of the iPhone leads forensics practitioners towards the need for tools to access and analyze the information stored in the device. This research aims at describin...
متن کاملBlackBerry PlayBook Backup Forensic Analysis
Due to the numerous complicating factors in the field of small scale digital device forensics, physical acquisition of the storage of such devices is often not possible (at least not without destroying the device). As an alternative, forensic examiners often gather digital evidence from small scale digital devices through logical acquisition. This paper focuses on analyzing the backup file gene...
متن کاملProposal - Diploma Thesis ”Looking Through Time”
The initial idea of my diploma thesis was to realize certain parts of an AR application ”Looking Through Time” to support the following idea. A user captures a part of a building via his iPhone camera and views the captured scene augmented by a view on the scene centuries ago in the iPhone display. The system was intended to act in real-time thus adapting when the user changes perspective or po...
متن کاملParallel methods for the update of partitioned inverted files
Purpose – An issue which tends to be ignored in information retrieval is the issue of updating inverted files. This is largely because inverted files were devised to provide fast query service, and much work has been done with the emphasis strongly on queries. In this paper we study the effect of using parallel methods for the update of inverted files in order to reduce costs, by looking at two...
متن کاملAN OPTIMAL l / N BACKUP POLICY FOR DATA FLOPPY DISKS UNDER EFFICIENCY BASIS
A word processor has become one of essential devices used in offices. Document files created by using a word processor are generally preserved on a floppy disk 01' floppy disks for referencE's. Nevertheless, the files stored on a floppy disk art' occasionally lost due to human errors. the life of the floppy disk and a failure of hardware devices, which comprise the word processor. This is callp...
متن کامل