A lot of noise has been given to the tracking of the iPhone. One good thing came out of it. LE researchers have been able to keep it quiet for over a year. My research for my book “iOS Forensic Analysis” covered not only consolidated.db but also how to visualize the data using just Google Maps and Google Earth. Crude, but it worked. I put this research into the development of Katana Forensics’ Lantern v2.0.
So now that it is out, how does one protect oneself?
1. Use a numerical or strong password on your phone.
2. Encrypt your backup within iTunes.
3. Get a free iTunes account to remotely lock and wipe your device:
“Locate your iPhone on a map.
People misplace things all the time. Fortunately, if you lose your iPhone, Find My iPhone can help. It’s a feature that’s part of MobileMe, but now it’s also free on every iPhone 4 with iOS 4.2 or later.* Enable Find My iPhone in Settings. Then if you misplace your iPhone, you can sign in to me.com from any computer web browser or using the Find My iPhone app on another iPhone, iPad, or iPod touch to display its approximate location on a map.”
-From Apple’s website describing this service
4. Use FileVault to encrypt your user volume; this would protect all your data, not just the iTunes backup.
5. The upcoming operating system, Lion, will allow for full disk encryption.
6. Don’t jailbreak your device.
The best security is to keep the iPhone’s original operating system intact. There have been known issues where users who have jailbroken the device have been attacked by hackers.
If one utilizes the measures that Apple provides to protect the public, it seems hard to believe that they would “Spy” on them. They don’t, and this was asked and answered a year ago. This is what happens when “Researchers” take an issue too far without looking at the facts at hand. We like how our new smartphones work. We also realize that we are giving up something in order to acquire these new technologies that we look at and say, “WOW”.
So we can take the time to protect ourselves, or go back to the dumb phones that only placed calls. That is the reality of our society. I like my iPhone and do use a passcode, encrypt my backups, and have a MobileMe account. Most people don’t know about this, but I hope this helps in getting you protected.
Researchers at Katana Forensics had looked at geolocation data for quite some time. Early last year Katana assisted law enforcement agencies with cases, including a homicide. The request, among others, was for geolocation data and having it mapped. These findings have been published numerous times and revealed at conferences within the United States. Lantern version 2.0 was released in January 2011, which did more than the English free tool could do, and much more. So was it really news or not? Looks like for once, Forensic Experts beat out “Security Researchers”.
Just finished writing an article on Imaging the MacBook Air for Digital Forensics Magazine!! Hope it helps those that were pondering this issue.
The MacBook Air was introduced in 2008 and was the thinnest and lightest Mac ever made. It didn’t have much of a following until 2010, when the new MacBook Air was announced. Sales of this generation were a good sign for Apple and the life cycle of this model.
Back in 2009 I developed methods to image the Apple Air. The older Airs had both Serial ATA and SSD drives of 64GB and larger. Future generations were typically the same but had larger hard drives. The latest generation has SATA DIMM drives, a first of its kind.
There were 3 basic ways to image the Air.
1. Remove the drive from the Air and image it using adapters and normal free imaging tools.
2. Use a Linux boot disk like SPADA 4. This method was helpful because it removed the necessity to have a USB hub. All that was needed was to load SPADA into RAM, connect an external drive, and image.
3. Install OS X 10.5 to an external hard disk, make sure disk arbitration is turned off, and then image using command-line binaries like dcfldd or dc3dd. Now we can use this method again, but using OS X 10.6, on the new SATA DIMM drives in the new MacBook Airs.
I will later detail all these methods so that all examiners will have the knowledge to image any Air that they encounter using free methods. The external hard drive method will necessitate the purchase of OS X.
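A sketch of the third method's imaging step with hash verification, as an added example that is not the author's own procedure or tooling. The device name `/dev/rdisk0`, the 4096-byte block size and the `launchctl` command in the comment are assumptions; the script uses dcfldd when it is installed and falls back to plain dd.

```shell
#!/bin/sh
# Added example: image a source and verify the copy by hash.
# Assumed setup on the examiner's externally booted OS X 10.5/10.6:
#   sudo launchctl unload /System/Library/LaunchDaemons/com.apple.diskarbitrationd.plist
# so the Air's internal disk (assumed here to be /dev/rdisk0) is never mounted.

# Print the SHA-256 of a file or device with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# acquire_image SRC DST: copy SRC to DST, record both hashes in DST.sha256,
# and return 0 only if the image matches the source bit for bit.
acquire_image() {
    src=$1; dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    if [ -e "$dst" ]; then
        echo "refusing to overwrite $dst" >&2
        return 2
    fi
    # noerror,sync continues past unreadable blocks and zero-pads them so
    # offsets stay aligned. A source whose size is not a multiple of bs gets
    # a zero-padded last block, so keep bs a divisor of the device size.
    if command -v dcfldd >/dev/null 2>&1; then
        dcfldd if="$src" of="$dst" bs=4096 conv=noerror,sync 2>/dev/null || return 1
    else
        dd if="$src" of="$dst" bs=4096 conv=noerror,sync 2>/dev/null || return 1
    fi
    src_hash=$(sha256_of "$src")
    dst_hash=$(sha256_of "$dst")
    printf '%s  %s\n%s  %s\n' "$src_hash" "$src" "$dst_hash" "$dst" > "$dst.sha256"
    [ "$src_hash" = "$dst_hash" ]
}

# Usage: sh acquire.sh /dev/rdisk0 /Volumes/Evidence/air.dd  (paths assumed)
if [ "$#" -eq 2 ]; then
    acquire_image "$1" "$2"
fi
```

A zero exit status means the source and image hashes matched; the `.sha256` file beside the image keeps both values for the case notes.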
Come back and see how to handle these devices!!!!
There has been more speculation on the possibility of a Verizon iPhone than ever before, from blogs on Qualcomm chips being purchased, to Apple employees not being allowed to take vacation, to now Verizon’s event this week in New York. Is everything aligning for a new iPhone? Apple is a genius at how it continues to get buzz around itself. It’s a testament to the brilliance of Steve Jobs. If the Verizon iPhone does arrive, and if you thought you didn’t see iPhones in your labs, you will, or your case load will certainly increase over the next year. Let’s see and find out if all the prognosticators are correct. To me, it’s smart for Apple to release one now, as Android has pushed ahead of iOS.
I was asked why you need a Mac to analyze iDevices. The reason people ask is that they are under the impression that Macs are expensive. Some are, yes, but the Mac Mini is very affordable and one can use existing peripherals to connect. The second is that forensic tools that are created on the Mac platform are better suited to analyze Apple file types. Also, all the tools I know of are very inexpensive compared to Windows-based tools. The Mac can also be used to conduct exams on OS X systems as well. So, before you listen to other vendors, take the time to make an informed decision. There’s a lot of information on the web that can assist you in getting to know why Macs are better. Oh yeah, I forgot, they run Windows better also!
For you forensicators, now we have to look for another device that can hold backup files. The Iomega device backs up data to an SD card.
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/01/03/BA5N1H3G12.DTL#ixzz1A1UYXWB8 This, along with another opinion from two separate Federal Courts, will move its way to the US Supreme Court to decide this once and for all.
My publisher, Apress, will be at CES 2011!! If you’re in Vegas, look them up!