IPhone Forensic Extrction

[ana]

How would I go about acquiring forensics data from and IPhone 5? :?: :?:

 

[PreferredUser]

How would I go about acquiring forensics data from and IPhone 5? :?: :?:

With one of the tools that supports the iPhone 5.

 

[htcj0110]

How would I go about acquiring forensics data from and IPhone 5? :?: :?:

Let's say if suspect also use iTune or iCloud, you still got chances to acquire those evidence.

 

[cybercop]

With a subpoena you can get that straight from apple.

 

[redneckcop]

How would I go about acquiring forensics data from and IPhone 5? :?: :?:

iTunes is a pretty decent tool, believe it or not, if you want to take a backup of an iPhone's contents and preview it. It backs up other stuff on the phone besides music, which surprised me at first. It doesn't seem to do a sector by sector backup though, at least not that I have observed .

 

[rww]

There are a number of tools available to do this. However unless you are a sworn official most of the companies will not sell the software and cables needed to do this type of extraction.

 

[twicesafe]

@rww makes a valid point in that some software is only available to law enforcement.

When posting questions, please be sure to include:
1. Where do you work?
2. Why do you want to do the action you are asking?
3. Type of device, including version.
4. State of the phone. (locked..PIN, Password, etc. or unlocked)


SANS Institute often provides excellent white papers on Digital Forensics. This one produced back in 2012 would be valid for an iPhone 5. It discusses acquisition on page 6.

SANS Institute: Reading Room - Forensics
[Download]

 

[azuleonyx]

iTunes is a pretty decent tool, believe it or not, if you want to take a backup of an iPhone's contents and preview it. It backs up other stuff on the phone besides music, which surprised me at first. It doesn't seem to do a sector by sector backup though, at least not that I have observed .

No, iTunes does not do a sector by sector backup. iTunes is probably the best non-commercial tool depending on what you are trying to do. Just note depending on iTunes configurations, you may not get everything sync'd to the cloud. Also, having the computer which was used for the iPhone would help in getting any automatically phone backups instead of trying to pull your own.

Outside of the SANS Institute above, other tools can be located at Apple iPhone - ForensicsWiki. However, in any case, make sure you have legal rights to examine the phone before attempting any forensics on it.

 

[Randomaccess]

There are a number of tools available to do this. However unless you are a sworn official most of the companies will not sell the software and cables needed to do this type of extraction.

That's not exactly true

There's a couple of tools that you can use to perform this type of extraction (Belkasoft's BAT and Magnet Acquire both are free tools for it). And the cable for an iPhone extraction is a standard iPhone cable.

Parsing the data; paid tools generally do a more comprehensive job, but you can manually examine the extracted data using something like ibackupbot, a plist viewer, and an sqlite viewer with the right queries

 

[rww]

That's not exactly true

There's a couple of tools that you can use to perform this type of extraction (Belkasoft's BAT and Magnet Acquire both are free tools for it). And the cable for an iPhone extraction is a standard iPhone cable.

Parsing the data; paid tools generally do a more comprehensive job, but you can manually examine the extracted data using something like ibackupbot, a plist viewer, and an sqlite viewer with the right queries

Fair...but notice that I said "most of the companies"....did not say "all of the companies".

 

[Randomaccess]

Fair...but notice that I said "most of the companies"....did not say "all of the companies".

I'm only aware of one company, grayshift, that won't sell to non law enforcement. All the others work with both LE and non LE.
Which other companies will only sell phone extraction tools to LE?