Katana Forensics now has a Law Enforcement version and a public version of Lantern Lite – “The iOS Physical Imager”. Now everyone has the capacity to image iOS devices. All ranges of forensics and security have the ability to analyze these devices. See the details at http://www.katanaforensics.com.
From now until Sat. Nov. 26, 2011, Katana Forensics is having a Black Friday sale: 10% off the popular Lantern iOS Forensic Software. You’ll never see this offer again!!! GET IT HERE: Katana Store
Lantern Lite, the open source project, has taken its first step. It was released to Law Enforcement. After some modifications and improvements, the utility will be released to the public. Security professionals will finally have access to a free tool to examine iDevices.
This is meant for all who do forensics, keeping it free and away from forensic tool makers that can’t innovate, just copy. The days of paying to image an iDevice are over. It is in parsing the data that one uses grey matter.
Further information can be seen at www.lanternlite.org.
My good friend Shafik Punja asked, “Remember how you showed me to take a Lantern case file and bring it into Encase?” I responded that I did remember showing him how to do it. Shafik asked me to post this on the blog so that others can benefit from it as well. So here it is, using a case folder from the new Lantern 2. This will also work using FTK. Unfortunately I do not have FTK running in my VM, but this method can also work the same way. For this demonstration I am using Parallels. I just like it better now, but again, if you have VMware Fusion, this will work also.
1. Acquire an iDevice using Lantern.
2. Start your Windows virtual machine.
3. Depending on your VM software, set up file sharing.
4. Copy the Lantern case file (the icon that looks like a briefcase) and bring it into Windows. As you see in the following figure, the case file looks like a file folder. The Lantern case file in 2.0 is an Apple/Mac package, which is basically a folder. Windows 7 sees this package as a folder.
5. Open your Windows-based forensic tool; in this demonstration, open Encase and create a case.
6. Then just drag and drop the Lantern folder into Encase as seen below.
7. Then you can run whatever process you care to do at this time. It is just that simple!
An older Lantern version 1 case file is essentially a Zip file. Just unzip the files and bring them into Encase or FTK using the same method as described above. If you have any questions, drop me an email at firstname.lastname@example.org
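A check for the copy in step 4 and for the version 1 unzip, as an added example that is not part of the original post or of Lantern: it hashes every file in the source case (a package folder, or the Zip members without extracting them) and compares that against the folder that will be dragged into Encase or FTK. It assumes both locations are reachable from where the script runs, for example through the VM shared folder; the function names are hypothetical.

```python
import hashlib
import zipfile
from pathlib import Path


def _sha256(stream, chunk=1 << 20):
    """Hash a binary stream in chunks so large case files are not loaded whole."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest()


def folder_manifest(root):
    """Map relative POSIX path -> SHA-256 for every file under a case folder."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                manifest[path.relative_to(root).as_posix()] = _sha256(fh)
    return manifest


def zip_manifest(archive):
    """Same mapping for a Zip-style (version 1) case file, hashed in place."""
    manifest = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                with zf.open(info) as fh:
                    manifest[info.filename] = _sha256(fh)
    return manifest


def compare(source, copy):
    """Return files missing from, changed in, or extra in the copy."""
    shared = source.keys() & copy.keys()
    return {
        "missing": sorted(set(source) - set(copy)),
        "changed": sorted(p for p in shared if source[p] != copy[p]),
        "extra": sorted(set(copy) - set(source)),
    }


if __name__ == "__main__":
    import sys
    src, dst = sys.argv[1], sys.argv[2]  # original case, then the copied folder
    before = zip_manifest(src) if zipfile.is_zipfile(src) else folder_manifest(src)
    result = compare(before, folder_manifest(dst))
    print(result)
    sys.exit(1 if result["missing"] or result["changed"] else 0)
```

Files listed under "extra" are not in the original case and may have been created by the copy itself; check them before processing.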
A lot of noise has been made about the tracking of the iPhone. One good thing came out of it. LE researchers have been able to keep it quiet for over a year. My research in my book “iOS Forensic Analysis” covered not only consolidated.db but how to visualize the data using just Google Maps and Google Earth. Crude, but it worked. I put this research into the development of Katana Forensics’ Lantern v2.0.
So now that it is out, how does one protect oneself?
1. Use a numerical or strong password on your phone.
2. Encrypt your backup within iTunes.
3. Get a free iTunes account to remotely lock and wipe your device.
“Locate your iPhone on a map.
People misplace things all the time. Fortunately, if you lose your iPhone, Find My iPhone can help. It’s a feature that’s part of MobileMe, but now it’s also free on every iPhone 4 with iOS 4.2 or later.* Enable Find My iPhone in Settings. Then if you misplace your iPhone, you can sign in to me.com from any computer web browser or using the Find My iPhone app on another iPhone, iPad, or iPod touch to display its approximate location on a map.”
-From Apple’s website describing this service
4. Use FileVault to encrypt your user volume; this would protect all your data, not just the iTunes backup.
5. The upcoming operating system, Lion, will allow for full disk encryption.
6. Don’t jailbreak your device.
The best security is to keep the iPhone’s original operating system intact. There have been known issues that have come from users who have jailbroken the device and have been attacked by hackers.
If one utilizes the measures that Apple provides to protect the public, it seems hard to believe that they would “spy” on them. They don’t, and this was asked and answered a year ago. This is what happens when “researchers” take an issue too far without looking at the facts at hand. We like how our new smartphones work. We also realize that we are giving up something in order to acquire these new technologies that we look at and say, “WOW”.
So we can take the time to protect ourselves, or go back to the dumb phones that only placed calls. That is the reality of our society. I like my iPhone and do use a passcode, encrypt my backups, and have a MobileMe account. Most people don’t know about this, but I hope this helps in getting you protected.
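A way to confirm item 2 of the list above (encrypted iTunes backups), as an added example that is not part of the original post: it reads each backup's Manifest.plist and reports the IsEncrypted flag. The default backup path is the usual Mac OS X location and is an assumption; the function names are hypothetical.

```python
import plistlib
from pathlib import Path

# Usual iTunes backup folder on Mac OS X (assumption; pass another path if needed).
BACKUP_ROOT = Path.home() / "Library" / "Application Support" / "MobileSync" / "Backup"


def read_plist(path):
    """Load an XML or binary plist; return {} if it is missing or unreadable."""
    try:
        with Path(path).open("rb") as fh:
            data = plistlib.load(fh)
        return data if isinstance(data, dict) else {}
    except Exception:  # corrupt or absent plist: treat as unknown
        return {}


def audit_backups(root=BACKUP_ROOT):
    """Return one record per backup folder with its encryption state.

    "encrypted" is True/False from Manifest.plist's IsEncrypted key, or None
    when the key or the manifest cannot be read (unknown, check by hand).
    """
    records = []
    root = Path(root)
    if not root.is_dir():
        return records
    for backup in sorted(p for p in root.iterdir() if p.is_dir()):
        manifest = read_plist(backup / "Manifest.plist")
        info = read_plist(backup / "Info.plist")
        flag = manifest.get("IsEncrypted")
        records.append({
            "backup": backup.name,
            "device": info.get("Device Name"),
            "encrypted": None if flag is None else bool(flag),
        })
    return records


if __name__ == "__main__":
    labels = {True: "encrypted", False: "NOT ENCRYPTED", None: "unknown"}
    for rec in audit_backups():
        print(f'{rec["device"] or rec["backup"]}: {labels[rec["encrypted"]]}')
```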
I waited 2 hours in line at the Annapolis Apple Store to receive my reserved iPhone. Once I saw it, I said “WOW”. But as time went on, WOW went to DUD. I couldn’t send emails or tweets, and surfing was painful. I thought I was on the Verizon network or back to my 2G iPhone. I made an appointment with an “Apple Genius”, again at the Annapolis Apple Store, and waited some more. I finally got a Genius, and much to my surprise, they just swapped out my recently purchased iPhone 4 for a brand new one. I wasn’t asked to get a bumper; they looked at the device with their diagnostic tools and “BAM”, new phone. I can’t speak for everyone, but for all the hype about how Apple was to handle the returns of the iPhone, I didn’t experience it.
The new one is much better: I haven’t had as many dropped calls, and I can actually send email and surf the web. I’m a happy camper.
Thanks Apple! Great Phone!