iOS Forensics Tools

Founded in 1990, ElcomSoft Co. Ltd. is a leading developer of digital forensics tools. The company offers state-of-the-art solutions for businesses and for forensic and law enforcement specialists, and provides training and consulting services on mobile and computer forensics. ElcomSoft forensic products and tools are used for criminal investigations by law enforcement. Today, the company offers a complete range of mobile and computer forensic tools, corporate security solutions and tools for IT security audits. ElcomSoft tools are used by most of the Fortune 500 corporations, multiple branches of the military all over the world, foreign governments, and all major accounting firms. ElcomSoft is a Microsoft Partner (Gold Application Development), Intel Premier Elite Partner and member of NVIDIA’s CUDA/GPU Computing Registered Developer Program.

iOS Device Dashboard
There is a plethora of Apple’s iOS-based devices on the market. From a forensics standpoint, our learning curve as examiners has increased in our handling of these devices over the years. To that end, I have collected personal notes as I have dealt with these devices as I am sure most forensicators have. I recently decided to compile all of my notes into a single place and build upon the work that I observed that was recently compiled by Dylan and referenced by Heather Mahalik on her SmarterForensics blog. If you conduct forensics on iPhones or iPads, hopefully you’ll find this reference chart useful.

libimobiledevice is a cross-platform software library that talks the protocols to support iPhone®, iPod Touch®, iPad® and Apple TV® devices. Unlike other projects, it does not depend on using any existing proprietary libraries and does not require jailbreaking. It allows other software to easily access the device’s filesystem, retrieve information about the device and its internals, backup/restore the device, manage SpringBoard® icons, manage installed applications, retrieve addressbook/calendars/notes and bookmarks and (using libgpod) synchronize music and video to the device.

iPhone Research Tool
LiFE (Logical iOS Forensic Examiner) is a FREE, open source research tool for iOS backup examination, developed in 2014 by researchers at the University of New Haven (UNH) Cyber Forensics Research & Education Group / Lab.

Tools and information on iOS 4/5 data protection features.

the iPhone wiki
Every iOS firmware you need to download, for all iOS devices.

Mobile Security Wiki
One LARGE iOS security resource for all kinds of environments. Be sure to click the Apple logo at the top of the page to get iOS-specific tools.

A platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.

Jonathan Zdziarski’s Blog of Things
Jonathan Zdziarski is considered, worldwide, to be among the foremost experts in iOS-related digital forensics and security. As an iOS security expert in the field (sometimes known as the hacker “NerveGas”), Jonathan’s research into the iPhone has pioneered many modern forensic methodologies used today, and has been validated by the United States’ National Institute of Justice. Jonathan has extensive experience as a forensic scientist and security researcher specializing in reverse engineering, research and development, and penetration testing, and has performed a number of red-team penetration tests for financial payment processors, government agencies, and the military. Jonathan frequently consults with law enforcement agencies and the military on high-profile cases, assists federal, state and local agencies in their forensic investigations, and has trained many federal, state and local agencies internationally. Also an author for O’Reilly Media, Jonathan has written several books related to the iPhone including iPhone Forensics, iPhone SDK Application Development, iPhone Open Application Development, and his latest book, Hacking and Securing iOS Applications.

History of iOS.