This project is based on research we are conducting on Wickr, an integrated text messaging application supported by iOS devices. Wickr claims to provide its users with:
- The ability to send a message to specific people with a destruction time set for the message
- A high level of encryption (AES256, ECDH521, RSA4096 [1]) to provide security
- A passcode that is needed to enter the messaging application
- Increased privacy through unobtainable user data and personal information
- FIPS 140-2, HIPAA and other Top Secret Communication methods
This project will focus on verifying the claims above and finding the data generated by Wickr.
Devices in Use
- Cellebrite UFED Physical Analyzer 220.127.116.11
- AccessData Forensic Toolkit 4.1
- AccessData Password Recovery Toolkit
Research and Development
The device in use is an iPhone 3GS running iOS 6.1.3.
The iPhone 3GS will be imaged first without Jailbreak or Wickr and then with both programs.
The iPhone will also be periodically backed up using iTunes.
The image below shows the iPhone 3GS physical imaging without Jailbreak or Wickr using the Cellebrite UFED Physical Analyzer 18.104.22.168.
During the Extractions phase, Physical Extraction is selected.
The User and System data partitions are selected to acquire all the data from the device.
The same specifications were selected when imaging the iPhone 3GS after Jailbreak and Wickr were installed.
Both physical images of the iPhone 3GS are currently being compared. The team is looking for differences in the data found on the devices, which could help determine where the data is stored and how the data changes over time.
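One way to carry out this kind of before/after comparison, shown as an added example that is not the team's own tooling: it assumes the file systems of both images have already been exported to directories, hashes every file, and reports which directories gained or changed the most files. All function names and sample paths are hypothetical, and the sample trees are constructed placeholders, not real Wickr locations.

```python
import hashlib
import os
import tempfile
from collections import Counter

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = h.hexdigest()
    return out

def diff_extractions(baseline_root, later_root):
    """Classify files as added, removed or changed between two extractions."""
    before, after = manifest(baseline_root), manifest(later_root)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in set(before) & set(after) if before[p] != after[p]),
    }

def hot_directories(diff, depth=2):
    """Count added/changed files per leading directory to show where new data clusters."""
    counts = Counter()
    for path in diff["added"] + diff["changed"]:
        counts["/".join(path.split("/")[:depth])] += 1
    return counts.most_common()

def build_sample(root, files):
    """Write a constructed sample tree (stand-in for an exported file system)."""
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

def demo():
    # Constructed sample data; paths are placeholders, not real Wickr locations.
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        build_sample(a, {"sys/log.txt": b"boot", "apps/mail/db": b"v1"})
        build_sample(b, {"sys/log.txt": b"boot", "apps/mail/db": b"v2",
                         "apps/example_app/store.db": b"x", "apps/example_app/cfg": b"y"})
        d = diff_extractions(a, b)
        return d, hot_directories(d)
```

Running the same comparison against each later extraction or iTunes backup shows how the set of changed files shifts over time.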
[1] These encryption methods are widely used in agencies providing security and are considered the top ciphers used.