One of the pain in the butt aspects of conducting computer forensic investigations is running into the one offs and stranger OS platforms. One of the new kids to hit the scene, iPhone, presents and interesting wrinkle. What to do if there is a need to conduct a forensic investigation on one of these iconic devices? The operating system for the the iPhone is a closed version of the Mac OS X. So, what are folks in the business saying?
From Wired:
But not every forensics expert is convinced. “The iPhone is evil,” says Amber Schroader, CEO of Utah-based Paraben, a leader in digital-forensics software development. “It’s Mac OS X, and it’s a completely closed system.”
In other words, it’s not easy for a forensics team to guarantee that the data extracted from an iPhone has not been tampered with. The result is that juries may find reasonable doubt in how that data was extracted.
Hmm, so how does one retrieve the data without altering it in the process? A quick search of the portal at Guidance Software, the makers of forensic software EnCase, revealed no hits.
Today at MacWorldExpo data recovery firm DriveSavers will reveal their service offering for recovering data from iPhones. Apparently, according to their press release, they have managed to accomplish this task but, there was no word yet on exactly how they managed to accomplish this task. “Will it stand up in court” is the real test. I guess we have to stay tuned.
[tags]EnCase, Computer Forensics, iPhone Forensics, iPhone Recovery, DriveSavers[/tags]
