Book Image

iOS Forensics Cookbook

By : Bhanu Birani, Mayank Birani
Book Image

iOS Forensics Cookbook

By: Bhanu Birani, Mayank Birani

Overview of this book

Mobile device forensics is a branch of digital forensics that involves the recovery of evidence or data in a digital format from a device without affecting its integrity. With the growing popularity of iOS-based Apple devices, iOS forensics has developed immense importance. To cater to the need, this book deals with tasks such as the encryption and decryption of files, various ways to integrate techniques withsocial media, and ways to grab the user events and actions on the iOS app. Using practical examples, we’ll start with the analysis keychain and raw disk decryption, social media integration, and getting accustomed to analytics tools. You’ll also learn how to distribute the iOS apps without releasing them to Apple’s App Store. Moving on, the book covers test flights and hockey app integration, the crash reporting system, recovery tools, and their features. By the end of the book, using the aforementioned techniques, you will be able to successfully analyze iOS-based devices forensically.

Related Content you might be interested in

Current Title:

Small book image
iOS Forensics Cookbook
Bhanu Birani | Mayank Birani
Jan, 2016 | 184 pages
No titles found
Table of Contents (13 chapters)
iOS Forensics Cookbook
iOS Forensics Cookbook
Credits
Credits
About the Authors
About the Authors
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Saving and Extracting Data
Saving and Extracting Data
The Documents directory
Saving data using the RAW file
Saving data in the SQLite database
Learning about core data
2
Social Media Integration
Social Media Integration
Integration with Facebook
Integrating with LinkedIn
Integration with Instagram
3
Integrating Data Analytics
Integrating Data Analytics
Introduction
Google Analytics
Flurry Analytics
Flurry with data mining
Integrating Mixpanel
4
App Distribution and Crash Reporting
App Distribution and Crash Reporting
Setting up and integrating TestFlight
Integrating HockeyApp
HockeyApp for crash reporting
5
Demystifying Crash Reports
Demystifying Crash Reports
Crashlytics integration
Desymbolication of crash logs
Analyzing crash reports
6
Forensics Recovery
Forensics Recovery
DFU and Recovery modes
Extracting and reading data
Recovering backups
Extracting data from iTunes backups
Encrypting and decrypting tools
7
Forensics Tools
Forensics Tools
Exploring iPhone Backup Analyzer
Exploring iExplorer
Exploring SQLite browser
Jailbreaking iPhone devices
Index
Index

The Documents directory

Our app only runs in a "sandboxed" environment. This means that it can only access files and directories within its own contents, for example, Documents and Library. Every app has its own document directory from which it can read and write data as and when needed. This Documents directory allows you to store files and subdirectories created by your app. Now, we will create a sample project to understand the Document directories in much more depth.

Getting ready

Open Xcode and go to File | New | File and then navigate to iOS | Application | Single View Application. In the popup, provide the product name DocumentDirectoriesSample.

How to do it...

Perform the following steps to explore how to retrieve the path of document directories:

  1. First, we will find out where in simulators and iPhones our document directories are present. To find the path, we need to write some code in our viewDidLoad method. Add the following line of code in viewDidLoad: 

    NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
NSString *documentsDirectory = [paths objectAtIndex:0];
NSLog(@"%@", documentsDirectory);

    In the preceding code, first we fetch the existing path in our path's array. Now, we will take the first object of our path array in a string that means our string contains one path for our directory. This code will print the path for document directory of the simulator or device wherever you are running the code.

  2. To create the folder in documentsDirectory, run the following code:

    NSString *dataPath = [documentsDirectory stringByAppendingPathComponent:@"/MyFolder"];
if (![[NSFileManager defaultManager] fileExistsAtPath:dataPath])
  [[NSFileManager defaultManager] createDirectoryAtPath:dataPath withIntermediateDirectories:NO attributes:nil error:nil];

    In the preceding code snippet, the [documentsDirectory stringByAppendingPathComponent:@"/MyFolder"] line will create our folder in the Document directory and the last code of NSFileManager will check whether that dataPath exists or not; if it does not exist, then it will create a new path.

  3. Now, compile and run the project; you should be able to see the path of Document directories in your project console. This should look like the following screenshot:

  4. Now, go to Finder; from the options, select Go to Folder and paste the documentsDirectory path from the console. This will navigate you to the Documents directory of the simulator. The Documents directory will look like the following screenshot:

See also

The Apple developer link for documents directories is as follows:

https://developer.apple.com/library/mac/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/AccessingFilesandDirectories/AccessingFilesandDirectories.html#//apple_ref/doc/uid/TP40010672-CH3-SW1

Previous Section
End of Section 2
Next Section