Apple’s September Event

August 29, 2010 osxforensics

On Sept. 1, 2010, Apple is having its music event. September has historically been used to usher in new multimedia devices. This should be the event that could see the following releases:

1. New iPod Touch, as some leaks have shown, brother to the iPhone 4

2. New iPod Nano, back to the square design?  Touch screen?

3. iTV? The anticipated redesign of the AppleTV. Will it also have iOS? <– Yeah!

4. iTunes going to the cloud? Streaming TV?  99 cent shows?

5. Lastly, and more importantly, there has been more chatter on a possible release of the Verizon White iPhone 4? That is the dream of every Verizon customer. With the inroads accomplished by Android lately, it seems fair for Apple to tap into the Verizon customer base. Remember, Apple has kept its reign above Android on one carrier alone, AT&T. Going to Verizon will again overtake and, more importantly, relegate Android to number 2 for a long time.

Time will tell, and Steve will certainly entertain us on what Apple is up to. The big question is, when will the North Carolina Server Farm be coming online? This will herald a new direction for Apple, everything going to the cloud.

Categories: Uncategorized

File System and Directory Structure Definitions in Mobile Forensics

August 18, 2010 osxforensics

When we talk about Mobile Forensics and the use of the term “File System”, first let us look at the definition of file system. A file system (often also written as filesystem) is a method of storing and organizing computer files and their data. Essentially, it organizes these files into a database for the storage, organization, manipulation, and retrieval by the computer’s operating system.*

Examples of File Systems,

HFS+

HFSX

FAT32

NTFS

EXT2

EXT3

The definition of directory structure is: In computing, a directory structure is the way an operating system’s file system and its files are displayed to the user. Files are typically displayed in a hierarchical tree structure.**

Example of a directory structure,

The use or misuse of these terms is becoming a problem in mobile forensics. Some people who train others in this field use these terms without knowing the consequences of using them improperly. This can be catastrophic in court when an examiner is challenged on just the definition of the term and then on how it was applied in the examination.

Forensic tool developers also misuse the term “File System”. The tools don’t recreate the file system from a logical extraction; they do, however, get the directory structure. A physical dump, on the other hand, can get the “file system”, and once it has been recreated, one can articulate that they obtained the file system and then recreated the directory structure.

*http://en.wikipedia.org/wiki/Main_Page – Wikipedia page on File System

**http://en.wikipedia.org/wiki/Directory_structure – Wikipedia page on Directory structure

Categories: Uncategorized

Library of Congress Ruling

The new ruling appears to be a win for the EFF (Electronic Frontier Foundation). It allows users to jailbreak their phones so that the user can transfer to another carrier or install legitimate software. It still does not change the broader portion of the DMCA: publicly distributing Apple code in an unapproved way is still illegal, as is distributing technology, products, or services designed to break access controls. You can jailbreak your own phone, but you can’t distribute that break, which means that Apple can still go after groups that produce programs that break its access controls. So what does that mean for forensics? Well, law enforcement is still protected no matter what. Civilian examiners, if your primary purpose is to install legally purchased programs, and such programs aren’t primarily designed to break access controls, or to place that same phone onto another carrier, I think you’re safe. This ruling is still murky and needs some legal beagle review. Contact your legal authority before treading into unknown waters.

Categories: Uncategorized

New Book – iOS Forensic Analysis

For those interested: Apress will be publishing “iOS Forensic Analysis”, and it will be available for purchase in print and various electronic formats. This will be an exciting and comprehensive book on iOS devices: iPhone, iPad, and iPod Touch. Look for it on 12.5.10.

Categories: Uncategorized

iPhone 4

I waited 2 hours in line at the Annapolis Apple Store to receive my reserved iPhone. Once I saw it, I said “WOW”. But as time went on, WOW went to DUD. I couldn’t send emails or tweets, and surfing was painful. I thought I was on the Verizon network or back to my 2G iPhone. I made an appointment with an “Apple Genius”, again at the Annapolis Apple Store, and waited some more. Finally got a Genius, and much to my surprise, they just swapped out my recently purchased iPhone 4 for a brand new one. Wasn’t asked to get a bumper; they looked at the device with their diagnostic tools and “BAM”, new phone. Can’t speak for everyone, but all the hype of how Apple was to handle the returns of the iPhone, I didn’t experience it.

The new one is much better, haven’t had as many dropped calls, actually send email, surf the web. I’m a happy camper.

Thanks Apple!  Great Phone!

Categories: iPhone

iPad

April 11, 2010 osxforensics

Having used the Apple iPad for one week, I find that this device is a pleasure to use. It’s much more than a big iPod Touch. The iPad can create and has the real estate to do it. As a speaker, I wish that Keynote could be used via Bluetooth to a projector, so that I could walk around and talk. This would break me free from the podium. I like to walk and talk. But that’s my wish.

The iPad makes me think, what will I really use this for? After the hype and novelty of the device wears off, I ask that question to myself. But here are some pros and cons that I thought were important.

Things I really liked,

1. Safari is cool, reading is so much easier than on my iPhone.

2. Email, in landscape mode is nice

3. Calendar is cool. No more squinting to see the whole month.

4. Contacts is really cool, nice to use and navigate.

5. Photos is really cool, the pinch and expanding of albums and events, is really nice.

6. iPod, haven’t used it yet. Don’t see the need to add music, I think my iPhone is a better device for that.

7. iBook, is nice, the layout is cool, again easy to use.  Got a book from the store and that wasn’t a headache to do.

8. Overall the iPad is  very quick, and the battery actually has some juice to it. Thanks Apple for finally getting that right. The video is a joy to watch, even YouTube HD.  The Tron trailer was cool.

Things I didn’t like,

Safari,

1. No Tabbed Browsing

2. No Home button

Speaker,

1. You would think for the amount of money we could get 2?  Stereo?

Email

1. Portrait view, a real pain to use. Not as nice as in landscape.

Maps

1. Seemed sluggish, not as fast as other apps, this was disappointing.  Maybe the new maps will be nicer.

iPhone Apps

1. I found awful, wait and get the app for the iPad.

That’s what I think of Apple’s newest creation, the iPad.  Maybe after awhile I’ll get used to the name, still don’t like it.

Categories: iPad

iPhone Forensic Analysis Book

April 10, 2010 osxforensics

Well,

For all those that have been waiting for this book, honestly, I don’t know where it stands. Due to some differences between myself and the publisher, I can’t tell anybody if this book will ultimately be published. If this book doesn’t get published, I plan to explore the possibilities of self-publishing as an e-book. The contents of the manuscript, I feel, are important information for those that conduct iPhone examinations. For me it’s not about the money, but that the knowledge is passed on.

There is an update to this saga with Syngress. I’m going to take all the material that has been written to date, add the iPad and iPhone OS 4, and put out a paperback and ebook. The title will be “iPhone Forensic Handbook”, published by Katana Forensics.

Categories: iPhone Forensics

FTS iXAM

April 10, 2010 osxforensics

I am happy to announce that FTS has graciously given me a trial of iXAM. The results of this study will be published in the upcoming book, “iPhone Forensic Analysis”. Some of the other tools that will be reviewed are as follows:

Access Data FTK 3.0
Cellebrite UFED
Paraben Device Seizure
Susteen Secure View
Oxygen Forensic Suite 2010
MSAB .XRY and .XACT
Fernico ZRT
ABC Amber iPhone Converter

and many free tools

Categories: iPhone Forensics

Deleted SMS

April 10, 2010 osxforensics

Was doing some work for the PFIC 2009 Conference, and I was looking at the SMS.db of a logical backup. I was looking at the database in a hex editor, and to my surprise I saw an SMS that I received from my former boss that I had deleted. So I looked even further and found some more: not just the content of the text, but the phone number associated, everything you normally find in a non-deleted text. So, now there is one more item that can be retrieved from the logical data, with no need to conduct an intrusive search on the iPhone. There is a utility for Windows that claims to retrieve deleted SMS from the logical backup. Haven’t validated this tool yet. When I have completed testing, I will post the results.
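
An added example, not from the original post, showing why a deleted message can still turn up in a hex editor: SQLite marks a deleted row's space as free without necessarily overwriting it, so the text stays in the file until `secure_delete` or `VACUUM` clears it. The table layout is a simplified, hypothetical stand-in for SMS.db, and the phone numbers and message text are constructed.

```python
import os
import sqlite3
import tempfile

MARKER = "CONSTRUCTED-DELETED-SMS-0001"  # constructed sample message text

def build_db(path, secure_delete):
    """Create a simplified message table (hypothetical schema), delete one row."""
    con = sqlite3.connect(path)
    # Some SQLite builds default to secure_delete=ON, so set it explicitly.
    con.execute("PRAGMA secure_delete = " + ("ON" if secure_delete else "OFF"))
    con.execute("CREATE TABLE message (id INTEGER PRIMARY KEY, address TEXT, text TEXT)")
    rows = [("+15550100", "kept message one"), ("+15550101", MARKER),
            ("+15550102", "kept message two")]
    con.executemany("INSERT INTO message (address, text) VALUES (?, ?)", rows)
    con.commit()
    con.execute("DELETE FROM message WHERE text = ?", (MARKER,))
    con.commit()
    con.close()

def visible_texts(path):
    """What a tool that only runs SQL against the database would report."""
    con = sqlite3.connect(path)
    texts = [row[0] for row in con.execute("SELECT text FROM message")]
    con.close()
    return texts

def raw_contains(path, needle):
    """What a hex editor shows: is the text anywhere in the file's bytes?"""
    with open(path, "rb") as fh:
        return needle.encode() in fh.read()

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        plain, wiped = os.path.join(tmp, "plain.db"), os.path.join(tmp, "wiped.db")
        build_db(plain, secure_delete=False)
        out["sql_after_delete"] = MARKER in visible_texts(plain)
        out["raw_after_delete"] = raw_contains(plain, MARKER)
        con = sqlite3.connect(plain)
        con.execute("VACUUM")  # rebuilds the file, dropping freed space
        con.close()
        out["raw_after_vacuum"] = raw_contains(plain, MARKER)
        build_db(wiped, secure_delete=True)
        out["raw_with_secure_delete"] = raw_contains(wiped, MARKER)
    return out

if __name__ == "__main__":
    print(demo())
```

When validating a recovery tool, the same construction gives a database with a known deleted record to test against.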

Categories: iPhone Forensics

Dutch Hacker attacks Jailbroken iPhones

April 10, 2010 osxforensics

So, you want to jailbreak your iPhone? You may want to read this before using the latest and greatest hacks out there.

http://gizmodo.com/5395645/dutch-hacker-holds-jailbroken-iphones-hostage-for-5-ransom-while-exposing-security-vulnerability

So, what was the fix? The fix that this hacker was proposing was to replace  iPhones with the original Apple Firmware.

Categories: Security