ios 9 is wrapping up
In recent weeks, the team has continued to look for current jailbreaks available for iOS 9.2.1.
We recently were able to find evidence of a TaiG9 beta version jailbreak for this iOS that we are currently investigating; it is a browser-based install that performs a semi-jailbreak, installing the jailbreak application store Cydia without elevating the user to root. Because this is a beta version of the jailbreak, applications from Cydia are not able to be run.
We are anxiously awaiting the release of iOS version 9.3, which will hopefully lead to a jailbreak. It will be interesting to see if and when the iOS 9.3 jailbreak appears as Apple’s software becomes more secure.
While waiting for a full jailbreak to come out, we are comparing mobile forensics tools and what data is viewable on non-jailbroken devices. We predict that the fully jailbroken device will have more information available to view, but in the meantime, we have looked at images of the pre-jailbreak device through various digital forensic tools, including Cellebrite, Magnet Forensics, and XRY.
When comparing Cellebrite and XRY, Cellebrite provided more information including (but not limited to) emails, contacts, applications, and analytic information. When putting our image into Internet Evidence Finder (IEF) from Magnet Forensics, we were able to gather similar information. Through IEF, information was gathered from our contacts, videos, classified URLS, Google Search terms, and more.
As this will be our last blog post for the semester, we hope you will check back at a later date to see our full report. Reports will begin to be released at the beginning of May 2016!
We welcome all feedback at the LCDI! If you have any questions or comments, feel free to leave a note here or contact us at lcdi@champlain.edu. Follow us on Facebook and Twitter for the most recent updates!