Book Image

Practical Mobile Forensics

Book Image

Practical Mobile Forensics

Overview of this book

Table of Contents (20 chapters)
Practical Mobile Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
10
Android Data Recovery Techniques
Index

Acquisition via jailbreaking


To perform physical acquisition on devices that are not vulnerable to the Boot ROM exploit, the device must be jailbroken. Jailbreaking an iPhone allows the examiner to install tools that would not normally be on the device, such as SSH. By far, the most popular method for jailbreaking is with redSn0w or evasi0n. Both tools have simple wizards that will step the iOS device through the jailbreak process and install the Cydia application. An examiner should only jailbreak a device as a last resort and should use great caution when doing so. Again, all steps taken by the examiner must be well-documented. The jailbreaking process makes changes to the device, which may damage evidence or render it inadmissible in court. If possible, consider performing a logical acquisition first to preserve evidence that may be lost during the jailbreaking process.

To obtain an image of the user data partition, the forensic workstation and the target iOS device must be placed on the...