iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets [Paperback]

Jonathan Zdziarski (Author)

Book Description

Publication Date: September 19, 2008

"This book is a must for anyone attempting to examine the iPhone. The level of forensic detail is excellent. If only all guides to forensics were written with this clarity!" -Andrew Sheldon, Director of Evidence Talks, computer forensics experts

With iPhone use increasing in business networks, IT and security professionals face a serious challenge: these devices store an enormous amount of information. If your staff conducts business with an iPhone, you need to know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics supplies the knowledge necessary to conduct complete and highly specialized forensic analysis of the iPhone, iPhone 3G, and iPod Touch. This book helps you:

• Determine what type of data is stored on the device
• Break v1.x and v2.x passcode-protected iPhones to gain access to the device
• Build a custom recovery toolkit for the iPhone
• Interrupt iPhone 3G's "secure wipe" process
• Conduct data recovery of a v1.x and v2.x iPhone user disk partition, and preserve and recover the entire raw user disk partition
• Recover deleted voicemail, images, email, and other personal data, using data carving techniques
• Recover geotagged metadata from camera photos
• Discover Google map lookups, typing cache, and other data stored on the live file system
• Extract contact information from the iPhone's database
• Use different recovery strategies based on case needs

And more. iPhone Forensics includes techniques used by more than 200 law enforcement agencies worldwide, and is a must-have for any corporate compliance and disaster recovery plan.

Editorial Reviews

About the Author

Jonathan Zdziarski is better known as the hacker "NerveGas" in the iPhone development community. His work in cracking the iPhone helped lead the effort to port the first open source applications, and his book, iPhone Open Application Development, taught developers how to write applications for the popular device long before Apple introduced its own SDK. Prior to the release of iPhone Forensics, Jonathan wrote and supported an iPhone forensics manual distributed exclusively to law enforcement. Jonathan frequently consults law enforcement agencies and assists forensic examiners in their investigations. He teaches an iPhone forensics workshop in his spare time to train forensic examiners and corporate security personnel.

Jonathan is also a full-time research scientist specializing in machine learning technology to combat online fraud and spam, an effort that led him to develop networking products capable of learning how to protect customers. He is founder of the DSPAM project, a high-profile, next-generation spam filter that was acquired in 2006 by Sensory Networks, Inc. He lectures widely on the topic of spam and is a foremost researcher in the fields of machine-learning and algorithmic theory.

Jonathan's website is zdziarski.com.

Product Details

• Paperback: 144 pages
• Publisher: O'Reilly Media; 1 edition (September 19, 2008)
• Language: English
• ISBN-10: 0596153589
• ISBN-13: 978-0596153588
• Product Dimensions: 6 x 0.4 x 9 inches
• Shipping Weight: 7.2 ounces (View shipping rates and policies)
• Average Customer Review: 3.8 out of 5 stars  See all reviews (10 customer reviews)
• Amazon Best Sellers Rank: #767,221 in Books (See Top 100 in Books)
  • #30 in Books > Computers & Technology > Apple > Home Computing & How-to > iPhone
  • #43 in Books > Computers & Technology > Digital Media Management > MP3 & Music Management
  • #74 in Books > Computers & Technology > Networking > Telephony

More About the Author

Discover books, learn about writers, read author blogs, and more.

Most Helpful Customer Reviews

20 of 24 people found the following review helpful

3.0 out of 5 stars Well-written and informative, but over-priced September 27, 2008

By Priscilla Oppenheimer

Format:Paperback|Amazon Verified Purchase

I wish the author had just put the info on a free website. The book is just a document, a pamphlet as another reviewer mentioned. I feel a bit ripped-off. In fact, in one place the author actually says "before proceeding, ensure that the firmware ... falls within the range of versions supported by this document." He is referring to the book but calling it a document. I think he intended it to be just a document and O'Reilly convinced him to make it a book so O'Reilly could make some money.

As far as technical material, it's all good and well-written. There are a few cases where it appears the O'Reilly editor might have cluelessly changed a sentence, but those cases are rare compared to some professionally-edited books. There are some typos, even in the author's bio! But few compared to many books. The index was rushed, I'm guessing. It didn't include the items I wanted to find.

The only other caveat I can think of is that if you are considering forensically analyzing your iPhone just for fun, be prepared for quite a bit of work and possible headaches. With firmware 2.x, there are numerous, reasonably complex steps that must be followed. You will need lots of time and patience and little aversion to risk. Note that you are jail-breaking your phone so that you can install utilities in the system partition, which voids the warranty from what I understand. Also, you could brick your iPhone, though in theory you could restore it if there are problems.

All in all, great info for forensics examiners in law-enforcement and corporations. I give it three stars instead of five because of the high price for a pamphlet.

22 of 30 people found the following review helpful

1.0 out of 5 stars Overpriced and thin September 24, 2008

By Tim Crothers

Format:Paperback

I normally don't leave reviews but my copy showed up today and I wanted to warn folks. This book is less then 100 pages. Looking closer at the listing it does say 138 but it is 120 with the index. Till you drop out the fluff you're left with little more then a pamphlet. Honestly I never even looked at page count when I pre-ordered as it was an O'Reilly book. It is very thin. Information is okay (still working through it) but to charge [...] for a book this small is ludicrous. I've never been this disappointed in an O'Reilly title - some have been so-so but never a down-right ripoff. My copy will be returning.

3 of 3 people found the following review helpful

4.0 out of 5 stars Great introduction to iPhone forensics August 2, 2010

By ueberhund VINE™ VOICE

Format:Paperback

This is an invaluable resource to understanding forensic details in regards to the iPhone. While it is small in size (coming in at just over 100 pages), it is dense in detail. This book provides good detail about where data on the iPhone is located, how to recover it, and how to keep your forensic footprint small.

For readers not as versed in computer forensics, the book does a good job introducing the subject. The iPhone is disceted in detail, and much information is provided regarding how to access the details of the phone that Apple doesn't want you to get at. Once you get at that information, the book shows how to extract that data onto a non-iPhone device. This is a great read for anyone who may have to deal with recovering data off an iPhone due to terminiation or other law enforcement issues.

My only complaint about the book is that this first edition was printed in September 2008, so it's missing some information about current versions of the iPhone firmware and hardware for the iPhone 3GS iPhone 4. Aside from that single issue, this is an excellent resource, and certainly a great resource for hardware up to the iPhone 3 and firmware versions up to 2.x.