This book focuses on the various techniques for acquisition, identification, and forensic analysis of iOS devices. This is a step-by-step practical guide that will help you to follow the procedure and extract data from iOS devices. This book helps professionals to investigate and understand forensic scenarios easily. This is a practical guide written after the rising popularity of iOS devices and the growing investigation requirements. This book deals with the various ways to investigate devices with different iOS versions and the presence and absence of other security systems such as lock code, backup passwords, and so on.
Conceptually, this book can be divided into three sections. The first section deals with the understanding of how data is generated by applications and how and where it is stored on the device. The second section focuses mainly on various analytic techniques, which include the analytics of apps by reading their logs and reports provided by Apple and other third-party vendors. This also includes the analysis and other related data mining studies provided by Google and Crashlytics. The third section, that is, the last section of the book, deals with a study, in detail, of various core forensics, which include the data structure and organization of files. This also includes the study of various open source tools that allow the detail decrypting techniques performed on any iOS device.
Chapter 1, Saving and Extracting Data, focuses on the ways to save the data in the document directory of the device along with ways to fetch the data back. In this chapter, we will also discuss the encryption and decryption of the files that are saved in the document directories. We will also discuss keychain and raw disk decryption in the chapter.
Chapter 2, Social Media Integration, teaches you the various ways to integrate social media with your application. The primary focus will be on the various configurations that have to be taken care of while integrating social media with the application.
Chapter 3, Integrating Data Analytics, discusses the various application analytics tools. The primary focus will be on the various ways to grab the user events and actions on the app. Then, moving forward, we will learn the powerful ways to crunch the useful information from the data gathered on the cloud.
Chapter 4, App Distribution and Crash Reporting, teaches you about the power of distributing your apps without releasing them to Apple's App Store. In this chapter, you will learn about over the air application distribution. You will also learn the various ways to track errors in our app.
Chapter 5, Demystifying Crash Reports, demystifies the overall crash reporting system. This also includes ways to read the crash reports accumulated on iTunes Connect. You will learn to decode binary crash reports to generate and gather useful information.
Chapter 6, Forensics Recovery, holds all the recovery and backup related operations on the device. You will learn about recovery modes in detail along with data extraction from the device. This chapter will also allow the user to extract data from iTunes backup files by decrypting them. Then, finally, we will see some case studies to demonstrate how data was recovered from the device in very vital cases.
Chapter 7, Forensics Tools, explores all the aforementioned tools and their capacity to retrieve data. You will learn about the various features provided by each of them. We will also compare a few tools with each other, considering both open source and paid tools.
This book is designed to allow you to use different operating platforms (Windows, Mac, and Linux) through freeware, open source software, and commercial software. For a few sections, you will need Xcode 6.0 or above with a Mac OS X. Many of the other examples shown can be replicated using either the software tested by the authors or equivalent solutions and tools for iOS Forensics. Some specific cases require the use of commercial platforms, and among those, we preferred the platforms that we use in our daily work as forensic analysts. In any case, we were inspired by the principles of ease of use, completeness of information extracted, and the correctness of the presentation of the results by the software. This book is not meant to be a form of advertising for the aforementioned software in any way, and we encourage you to repeat the tests carried out on one operating platform on other platforms and software applications as well.
This book is intended mainly for a technical audience, and, more specifically, for forensic analysts (or digital investigators) who need to acquire and analyze information from mobile devices running iOS.
This book is also useful for computer security experts and penetration testers because it addresses some issues that definitely must be taken into consideration before the deployment of this type of mobile device in business environments or situations where data security is a necessary condition. Finally, this book could also be of interest to developers of mobile applications, and they can learn what data is stored on these devices, and where the application is used. Thus, they will be able to improve security.
In this book, you will find several headings that appear frequently (Getting ready, How to do it, How it works, There's more, and See also).
To give clear instructions on how to complete a recipe, we use these sections as follows:
This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.
This section usually consists of a detailed explanation of what happened in the previous section.
This section consists of additional information about the recipe in order to make you more knowledgeable about the recipe.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "In the popup, provide the product name as DocumentDirectoriesSample."
A block of code is set as follows:
NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES); NSString *documentsDirectory = [paths objectAtIndex:0]; NSLog(@"%@", documentsDirectory);
When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
NSString *documentsDirectory = [paths objectAtIndex:0];
NSLog(@"%@", documentsDirectory);New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Open Xcode and go to File | New | File, then navigate to iOS | Application | Single View Application."
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <[email protected]>, and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at <[email protected]>, and we will do our best to address the problem.