A Simple Cost-Effective Framework for iPhone Forensic Analysis

  • Mohammad Iftekhar Husain
  • Ibrahim Baggili
  • Ramalingam Sridhar
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 53)


Apple iPhone has made significant impact on the society both as a handheld computing device and as a cellular phone. Due to the unique hardware system as well as storage structure, iPhone has already attracted the forensic community in digital investigation of the device. Currently available commercial products and methodologies for iPhone forensics are somewhat expensive, complex and often require additional hardware for analysis. Some products are not robust and often fail to extract optimal evidence without modifying the iPhone firmware which makes the analysis questionable in legal platforms. In this paper, we present a simple and inexpensive framework (iFF) for iPhone forensic analysis. Through experimental results using real device, we have shown the effectiveness of this framework in extracting digital evidence from an iPhone.


iPhone Forensics Smartphone Jailbreaking iTunes 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Milanesi, C., Gupta, A., Vergne, H., Sato, A., Nguyen, T., Zimmermann, A., Cozza, R.: Garner Technology Business Research Insight. In: Dataquest Insight: Market Share for Mobile Devices, 1Q09, http://www.gartner.com/DisplayDocument?id=984612
  2. 2.
    Radio Tactics Ltd.: Aceso - Mobile forensics wrapped up. In: Radio Tactics | Mobile Phone Forensics, http://www.radio-tactics.com/products/aceso/
  3. 3.
    Cellebrite Forensics: Cellebrite Mobile Data Synchronization UFED Standard Kit. In: Cellebrite Mobile Data Synchronization, http://www.cellebrite.com/UFED-Standard-Kit.html
  4. 4.
    Paraben Corporation: Cell Phone Forensics. In: Paraben Corporation, Cell Phone Forensics Software, http://www.paraben-forensics.com/cell_models.html
  5. 5.
    Micro Systemation: XRY Physical Software. In: XRY the complete mobile forensic solution, http://www.msab.com/products/xry0/overview/page.php
  6. 6.
    Logicube: Logicube CellDEK Cell Phone Data Extraction. In: Logicube.com, hard drive duplication, copying hard drive & computer forensics, http://www.logicubeforensics.com/products/hd_duplication/celldek.asp
  7. 7.
    Lohmann, F.: Apple Says iPhone Jailbreaking is Illegal | Electronic Frontier Foundation. In: Electronice Frontier Foundation, Defending Freedom in the Digital World, http://www.eff.org/deeplinks/2009/02/apple-says-jailbreaking-illegal
  8. 8.
    Association of Chief Police Officers: Good Practice Guide for Computer based Electronic Evidence. In: Association of Chief Police Officers, http://www.dataclinic.co.uk/ACPO%20Guide%20v3.0.pdf (accessed June 2010)
  9. 9.
    Husain, M., Sridhar, R.: iForensics: Forensic Analysis of Instant Messaging on Smart Phones. In: Goel, S. (ed.) ICDF2C 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 31, pp. 9–18. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Paraben Corporation: Forensic Software Comparison Chart. In: Paraben Corporation, Cell Phone Forensics, http://www.paraben-forensics.com/cell-phone-forensics-comparison.html
  11. 11.
    Zdziarski, J.: iPhone Forensics. O’reilly Media, Sebastopol (2008)Google Scholar
  12. 12.
    Hoog, A., Gaffaney, K.: iPhone Forensics. In: viaForensics, http://viaforensics.com/wpinstall/wp-content/uploads/2009/03/iPhone-Forensics-2009.pdf
  13. 13.
    Vaughn, S.: MobileSyncBrowser | View and Recover Your iPhone Data. In: MobileSyncBrowser | View and Recover Your iPhone Data, http://homepage.mac.com/vaughn/msync/
  14. 14.
    Piacentini, M.: SQLite Database Browser. In: SQLite Database Browser, http://sqlitebrowser.sourceforge.net/
  15. 15.
    VOWSoft Ltd.: Plist Editor For Windows. In: Download iPod software for Windows, http://www.icopybot.com/plistset.exe
  16. 16.
    Gondrom, T., Brandner, R., Pordesch, U.: Electronic Record Syntex. Request For Comments 4998, Open Text Corporation (2007)Google Scholar
  17. 17.
    Brezinski, D., Killalea, T.: Guidelines for Evidence Collection and Archiving. Request For Comments 3227, In-Q-Tel (2002)Google Scholar
  18. 18.
    Apple Inc.: About the security content of the IPhone 1.1.1 Update, http://support.apple.com/kb/HT1571
  19. 19.
    Apple Inc.: About the security content of IPhone v1.1.3 and iPod touch v1.1.3, http://support.apple.com/kb/HT1312
  20. 20.
    Apple Inc.: About the security content of IPhone v2.1, http://support.apple.com/kb/HT3129
  21. 21.
    Apple Inc.: About the security content of IPhone OS 3.0 Software Update, http://support.apple.com/kb/HT3639
  22. 22.
    Apple Inc.: About the security content of IPhone OS 3.1 and IPhone OS 3.1.1 for iPod touch, http://support.apple.com/kb/HT3860
  23. 23.
    Apple Inc.: Apple iPhone. In: Apple-iPhone-Mobile Phone, iPod, and Internet Device, http://www.apple.com/iphone/

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2011

Authors and Affiliations

  • Mohammad Iftekhar Husain
    • 1
  • Ibrahim Baggili
    • 2
  • Ramalingam Sridhar
    • 1
  1. 1.Department of Computer Science and EngineeringUniversity at Buffalo, The State University of New YorkBuffaloUSA
  2. 2.College of Information TechnologyZayed UniversityUAE

Personalised recommendations