Mobile Apps Forensics 2nd Update

Introduction

Since our last update, we have been working on figuring out how to get an image of the iPhone 5 using Cellebrite and then analyzing said image.

Analysis of Mobile Apps forensics

In our last post, we discussed that we were unable to get a proper image of the iPhone 5 due to a permission error with the AFC2 service. We were finally able to work around this by backing the phone up using iTunes and then using Cellebrite to analyze the backup.
We began to analyze the backup and were able to find images from Yik Yak stored on the iPhone. We are still looking into the image, but it is looking like the Nexus 7 produced more artifacts than the iPhone.

Conclusion

After the first round of analysis, it appears that Cellebrite produced more artifacts than XRY and we have thus scrapped the use of XRY on this project. We were able to pull more information from the Nexus 7 than the iPhone, but we are still analyzing the iPhone image. We hope to finish the analysis up in the next few days and hopefully confirm that the Nexus 7 does indeed produce more artifacts than the iPhone 5. We will begin moving onto the next application, Periscope, so be on the lookout for our next update!

More Research Projects
CyberRange Team: Creating The Perfect Sandbox Environment
The Internet of Things Team: An Inside Look
CyberTech: Creating a Safer Internet Through Education