Showing posts with label iOS. Show all posts
Showing posts with label iOS. Show all posts

Part 2 - So much evidence, so many artifacts, so little time…

Ken Mizota

In my last post, I summarized a handful of apps that are useful to search and explore your case, and apps that help with malware investigations. For latest updates on apps go to EnCase App central directly, or follow us on twitter @EnCase.

Without further ado, here are some more apps that we hope can help you make your case:

EnCase Forensic 7.09: iOS Investigations Out of the Box

Ken Mizota

Most investigators are familiar with the capabilities of EnCase® Forensic as a tool for investigation of desktops, servers, and hard drives, but did you know that ever since EnCase Forensic v7 was introduced, it has provided support for smartphone operating systems out-of-the-box? In Version 7.09, the latest release, EnCase improves smartphone acquisition, analysis and reporting capabilities by adding support for iOS 7 devices.

As you likely know, the mobile device market is dominated by iOS and Android devices. Over 90 percent of the world's smartphone users have an Apple- or Google-powered device. However, even within the majority, there are multiple factors that investigators like you must consider and ultimately deal with, including:

Difficult Times for iOS Investigations

Ken Mizota

A recent CNet story “Apple deluged by police demands to decrypt iPhones” was recently picked up by slashdot.org. The original article is a good read of one of the pain points in today’s iOS investigations, but the comments on the Slashdot.org post are downright illuminating. A veteran digital investigator probably already knows: iPhone 4S, iPhone 5 and iPad version 2+ passcode and encryption have been virtually impossible to bypass. Even built-for-purpose mobile device forensic companies plainly admit, iOS forensics has been advancing slowly.

Foul?