Book Image

iOS Forensics Cookbook

By : Bhanu Birani, Mayank Birani
Book Image

iOS Forensics Cookbook

By: Bhanu Birani, Mayank Birani

Overview of this book

Mobile device forensics is a branch of digital forensics that involves the recovery of evidence or data in a digital format from a device without affecting its integrity. With the growing popularity of iOS-based Apple devices, iOS forensics has developed immense importance. To cater to the need, this book deals with tasks such as the encryption and decryption of files, various ways to integrate techniques withsocial media, and ways to grab the user events and actions on the iOS app. Using practical examples, we’ll start with the analysis keychain and raw disk decryption, social media integration, and getting accustomed to analytics tools. You’ll also learn how to distribute the iOS apps without releasing them to Apple’s App Store. Moving on, the book covers test flights and hockey app integration, the crash reporting system, recovery tools, and their features. By the end of the book, using the aforementioned techniques, you will be able to successfully analyze iOS-based devices forensically.
Table of Contents (13 chapters)

Exploring iPhone Backup Analyzer

In this section, we are going to explore the iOS forensic tool, iPhone Backup Analyzer.

Getting ready

iPhone Backup Analyzer is a Java-based product that can be used on multiple platforms, such as Windows, Linux, and Mac. You can download the JAR file from This is an open source tool that can be used to extract the iTunes backup files. Most of the time, this tool is used for extracting and analyzing existing backups. However, if needed, this tool can also make a backup.

How to do it...

Perform the following steps to analyze the iTunes backup:

  1. The first step is to get the copy of the backup data; in order to locate the data, you can go to the following directory:

    1. For Windows 7 and above: <user_home>\Application Data\Apple Computer\MobileSync\Backup

    2. For Mac: /Library/Application Support/MobileSync/Backup

  2. Once you have navigated to the preceding path, you should be able to see something like...