Lantern Lite, the open source project has taken its first step. It was released to Law Enforcement. After some modifications and improvements, the utility will be released to the public. Security professionals will finally have access to a free tool to examine iDevices.
This is meant for all that do forensics, and keeping it free and away from forensic tool makers that can’t innovate, just copy. The days of paying to image an iDevice is over. It is parsing the data where one uses grey matter.
Further information can be seen at www.lanternlite.org
My good friend Shafik Punja asked “Remember how you showed me to take a Lantern case file and bring it into Encase?” I responded that I did remember showing him how to do it. Shafik he asked me to place this blog so that others can benefit from this as well. So here it is using a case folder using the new Lantern 2. This will also work using FTK. Unfortunately I do not have FTK running in my VM, so this method can also work the same way. For this demonstration I am using Parallels. Just like it better now, but again, if you have VMware Fusion, this will work also.
1. Acquire an iDevice using Lantern.
2. Start you Windows virtual machine
3. Depending on your VM software, set up file sharing
4. Copy the Lantern case file (the icon that looks like a briefcase) and bring it into Windows. As you see in the following figure, the case file looks like a file folder. The Lantern case file in 2.0 is an Apple/Mac package. Basically a folder. Windows 7 sees this package as a folder.
5. Open You windows base forensic tool, in this demonstration open Encase and create a case.
6. Then just drag and drop the Lantern folder into Encase as seen below,
7. Then you can run whatever process you care to do at this time. It is just that simple!
For older Lantern version 1 case files. It is essential a Zip file. Just unzip the files and bring them into Encase or FTK using the same method as described above. If you have any questions drop me an email. firstname.lastname@example.org
A lot of noise has been given to the tracking of the iPhone. One good thing came out of it. LE researchers have been able to keep it quiet for over a year. My research into My book “iOS Forensic Analysis” covered not only consolidated.db but how to visualize the data with just using Google Maps and Google Earth. Crude, but it worked. This research I put into the development of Katana Forensic’s Lantern v2.0.
So now that it is out, how does one protect themselves,
1. Use a numerical or strong password on your phone.
2. Encrypt your Backup within itunes,
3. Get a free iTunes account to remotely lock and wipe your device,
“Locate your iPhone on a map.
People misplace things all the time. Fortunately, if you lose your iPhone, Find My iPhone can help. It’s a feature that’s part of MobileMe, but now it’s also free on every iPhone 4 with iOS 4.2 or later.* Enable Find My iPhone in Settings. Then if you misplace your iPhone, you can sign in to me.com from any computer web browser or using the Find My iPhone app on another iPhone, iPad, or iPod touch to display its approximate location on a map.”
4. Use File Vault to Encrypt your user volume, this would protect all your data not just the iTunes Backup.
5. In the upcoming operating system, Lion will allow for full disk encryption.
6. Don’t jailbreak your device.
The best security is to keep the iPhone’s original operating system intact. There have been know issues that have come from users that have broken the device and have been attacked by Hackers.
If one utilizes the measures that Apple provides to protect the public, it seems hard that they would “Spy” on them. They don’t and this was asked and answered a year ago. This is what happens when “Researchers” take an issue too far without looking at the facts at hand. We like how our new smartphones work. We also realize that we are giving up something in order to acquire these new technologies that we look and say, “WOW”.
So we can take the time to protect ourselves, or go back to the dumb phones that only placed calls. That is the reality of our society. I like my iPhone and do use a passcode, encrypt my backups, and have a Mobile Me account. Most people don’t know about this but hope this helps in getting you protected.