Book Image

iOS Forensics Cookbook

By : Bhanu Birani, Mayank Birani
Book Image

iOS Forensics Cookbook

By: Bhanu Birani, Mayank Birani

Overview of this book

Mobile device forensics is a branch of digital forensics that involves the recovery of evidence or data in a digital format from a device without affecting its integrity. With the growing popularity of iOS-based Apple devices, iOS forensics has developed immense importance. To cater to the need, this book deals with tasks such as the encryption and decryption of files, various ways to integrate techniques withsocial media, and ways to grab the user events and actions on the iOS app. Using practical examples, we’ll start with the analysis keychain and raw disk decryption, social media integration, and getting accustomed to analytics tools. You’ll also learn how to distribute the iOS apps without releasing them to Apple’s App Store. Moving on, the book covers test flights and hockey app integration, the crash reporting system, recovery tools, and their features. By the end of the book, using the aforementioned techniques, you will be able to successfully analyze iOS-based devices forensically.
Table of Contents (13 chapters)

Extracting data from iTunes backups

Extracting the logical information from the iTunes backup is crucial for forensics investigation. There is a full stack of tools available for extracting data from the iTunes backup. They come in a wide variety, from open source to paid tools. Some of these forensic tools are Oxygen Forensics Suite, Access Data MPE+, EnCase, iBackup Bot, DiskAid, and so on. The famous open source tools are iPhone Backup Analyzer and iPhone Analyzer. In this section, we are going to learn how to use the iPhone backup extractor tools.

How to do it...

The iPhone backup extractor is an open source forensic tool that can extract information from device backups. However, there is one constraint that the backup should be created from iTunes 10 onwards. Follow these steps to extract data from iTunes backup:

  1. Download the iPhone backup extractor from

  2. Make sure that all your iTunes backup is located at this directory: ~/Library/ApplicationSupports/MobileSync...