XRY Logical Downloads of the IPhone

Playing around with XRY the other day, I downloaded my iPhone. I had created a profile to only load in SMS because I was primarlily interested in looking at deleted SMS contained in the live database (i.e. SMS record slots inside the database that had been flagged as available but still containing the old data) with XACT.

After loading the file into XACT, I did a findstrings search inside the SMS database and did indeed discover deleted SMS (These were SMS messages I knew were on the phone and deleted just prior to my taking the read of the handset).These were unparsed of course but it was encouraging to see the ASCII text.

I then exported the SMS.DB from XACT and loaded it into Text Pad and looked for the deleted messages. I found them as seen in the below screen capture

Interesting…as I play more with XACT and the iPhone, I’ll post more tips and tricks!

Iphone 3g Forensic Myths

Sean Morrissey weighs in on some myths about the current open source forensic solutions floating about the internet regarding the 3gs iPhone.

http://blog.osxforensics.com/2009/09/30/iphone-3gs-imaging-method-myths.aspx

Free Utility For Parsing out Deleted SMS from IPhone DBs

Here’s a cool utility for parsing out deleted SMS from existing IPhone SQLLite SMS Dbs

http://riactant.wordpress.com/2009/09/09/iphone-sms-retriever-utility-for-windows/

Great Article on Mobile Forensic Evidence

Great Article by Kipp Loving and Christa Miller on potentially missed evidence

ttp://www.officer.com/print/Law-Enforcement-Technology/The-crime-scene-evidence-youre-ignoring/1$48858

Can Jailbreaking an iPhone Knock Out Transmission Towers?

Apple filed a claim with the US copyright office that jailbreaking an iPhone could crash a wireless provider’s transmission towers and therefore allow people to avoid paying for telephone calls (Capt. Crunch anyone?)

Read the story here

Jailbreaking could crash transmission towers

Here’s also a link to Apple’s answer’s to the copyright office questions
Apple’s Answers

Is this more of ATT pressure like the Google App boondongle? Or is it as some suggest more Cupertino attempts at hegemony on app vendors…..?

Cell Provider Data

Interesting article by Social Network Guru and Law Enforcement Technology Writer Christa Miller on the importance of looking beyond the mobile forensic device to the wireless provider itself

The Other Side of Mobile Forensics

Apple Quashes Google Voice App?

Is Apple asking for the ire of Mobile Users?

http://www.techcrunch.com/2009/07/27/apple-is-growing-rotten-to-the-core-and-its-likely-atts-fault/

iPhone 3Gs forensic imaging

The latest for Mr. Nerve Gas Jon Z

LOL Jon…edit out the spinning wheel (hehe)…good stuff all around!

Isn’t it interesting…

….how fickle we are and how easy we forget?

Http://PrivacyDigest.com/node/1807 — Server with top-secret data stolen from Forensic Telecommunications Services

Twinkle on iPhone being used for Online Solicitation

This is an interesting yet regrettable discovery by a fellow forensic examiner…like he says guess it was just a matter of time

http://www.binint.com/2009/02/twinkle-future-of-online-enticement.html