iPhone Artifact Comparison Part 3

Initial findings

Since our last posting, we have officially finished generating data and imaging the iPhone 3GS and iPhone 4. Over the next couple of weeks, we will finish generating data with the iPhone 5 and begin comparing where the various application files are stored on the three different iPhones.

This week we began looking at the data from the iPhone 3GS and found that locating the file paths where the applications store their data may take more work than expected. We initially thought that the Cellebrite extraction would give us the file paths to the data it extracted, but it did not give us the paths for every application or for all of the data. This means that we will need to go through the image of the file system and find where each application is stored. We are currently in the process of doing this and have found that much of the data we are looking for is stored in /Data/mobile/Applications. The application folders are not listed by name but by their identification numbers, which can be found under Installed Applications in the Cellebrite UFED Physical Pro Analyzed Data tab. As of right now, we have not discovered any account information or usage data. Unfortunately, we did discover that the timeline in the Analyze Data section of the Cellebrite UFED Physical Pro was missing a few days’ worth of data.

Despite our complications, we were able to find the folders associated with WhatsApp, Viber, Facebook, Facebook Messenger, Twitter, Google Plus, Skype, Yahoo Messenger, Dropbox, Touch, KIK, Kakao Talk, ICQ, Opera Mini, YouTube, Any.DO, Snapchat, Line, MySMS, Keepsafe, Yahoo Mail, Chrome, LinkedIn, QQ, and ooVoo. We are well on our way to creating a comparison of where data is stored on our iPhone models.
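One way to tie the ID-named folders back to applications without relying on the Cellebrite report is sketched below; this is an added example, not a script from the project. It assumes the extracted Applications directory is available as ordinary files and that each ID folder holds a `.app` bundle with an `Info.plist`; the folder IDs, app names and bundle identifiers in the sample tree are constructed.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def map_app_folders(applications_dir):
    """Map each ID-named container folder to its bundle ID, name and data folders."""
    results = {}
    for container in sorted(Path(applications_dir).iterdir()):
        if not container.is_dir():
            continue
        entry = {"bundle_id": None, "name": None, "data_dirs": []}
        for child in sorted(container.iterdir()):
            if not child.is_dir():
                continue
            if child.suffix != ".app":
                entry["data_dirs"].append(child.name)  # e.g. Documents, Library
                continue
            entry["name"] = child.stem  # fallback if Info.plist is unreadable
            try:
                with (child / "Info.plist").open("rb") as fh:
                    info = plistlib.load(fh)  # reads XML and binary plists
            except (OSError, ValueError, ExpatError):
                continue
            entry["bundle_id"] = info.get("CFBundleIdentifier")
            entry["name"] = info.get("CFBundleDisplayName", entry["name"])
        results[container.name] = entry
    return results


def build_sample_tree(root):
    """Constructed sample layout; IDs and bundle names are made up."""
    apps = Path(root) / "Applications"
    good = apps / "11111111-2222-3333-4444-555555555555"
    for sub in ("ExampleChat.app", "Documents", "Library"):
        (good / sub).mkdir(parents=True)
    with (good / "ExampleChat.app" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleIdentifier": "com.example.chat",
                       "CFBundleDisplayName": "Example Chat"},
                      fh, fmt=plistlib.FMT_BINARY)
    # Second container has no Info.plist, as in a partial extraction.
    (apps / "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE" / "ExampleNotes.app").mkdir(parents=True)
    return apps


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, entry in map_app_folders(build_sample_tree(tmp)).items():
            print(folder, entry)
```

The resulting mapping can be cross-checked against the Installed Applications list, and the `data_dirs` entries show which subfolders to examine for each application.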

For more on this project, check out parts 1 and 2 of the blog:



-Maegan Katz
