Performing forensics on iOS devices has become a lot more difficult as mobile devices have advanced. Eventually, it could become almost impossible due to improved and advanced security features added to iOS firmware upgrades. Here is an outstanding and comprehensive article about such issues for mobile forensics.
iOS Device Dashboard
There is a plethora of Apple’s iOS-based devices on the market. From a forensics standpoint, our learning curve as examiners has increased in our handling of these devices over the years. To that end, I have collected personal notes as I have dealt with these devices, as I am sure most forensicators have. I recently decided to compile all of my notes into a single place and build upon the work that I observed that was recently compiled by Dylan and referenced by Heather Mahalik on her SmarterForensics blog. If you conduct forensics on iPhones or iPads, hopefully you’ll find this reference chart useful.
libimobiledevice is a cross-platform software library that talks the protocols to support iPhone®, iPod Touch®, iPad® and Apple TV® devices. Unlike other projects, it does not depend on using any existing proprietary libraries and does not require jailbreaking. It allows other software to easily access the device’s filesystem, retrieve information about the device and its internals, backup/restore the device, manage SpringBoard® icons, manage installed applications, retrieve addressbook/calendars/notes and bookmarks and (using libgpod) synchronize music and video to the device.
iPhone Research Tool
LiFE (Logical iOS Forensic Examiner) is a FREE, open source research tool for iOS backup examination, developed in 2014 by researchers at the University of New Haven (UNH) Cyber Forensics Research & Education Group / Lab.
Tools and information on iOS 4/5 data protection features.
The iPhone Wiki
Downloads of every iOS firmware for all iOS devices.
Mobile Security Wiki
One LARGE iOS security resource for all kinds of environments. Be sure to click the Apple logo at the top of the page to get iOS-specific tools.
A platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.
The file and app management tool for iPhone, iPad & iPod Touch.
Jonathan Zdziarski’s Blog of Things
Jonathan Zdziarski is considered, worldwide, to be among the foremost experts in iOS-related digital forensics and security. As an iOS security expert in the field (sometimes known as the hacker “NerveGas”), Jonathan’s research into the iPhone has pioneered many modern forensic methodologies used today, and has been validated by the United States’ National Institute of Justice. Jonathan has extensive experience as a forensic scientist and security researcher specializing in reverse engineering, research and development, and penetration testing, and has performed a number of red-team penetration tests for financial payment processors, government agencies, and the military. Jonathan frequently consults with law enforcement agencies / military on high profile cases and assists federal, state and local agencies in their forensic investigations, and has trained many federal, state and local agencies internationally. Also an author for O’Reilly Media, Jonathan has written several books related to the iPhone including iPhone Forensics, iPhone SDK Application Development, iPhone Open Application Development, and his latest book, Hacking and Securing iOS Applications. I highly recommend the app he built, Disk Analyzer, to wipe the free space of your iOS device before you sell it or give it away.
History of iOS.
The Mobile Device Examiner
Comprehensive blog full of forensic information and tools used.
The Apple Examiner
A reference to the many forensics tools that are coming out or have been out to analyze Apple’s iOS-based devices: iPhone, iPad, and iPod Touch. Some of these tools will analyze the original iPod family as well.