Document Type

Conference Proceeding

Publication Date

2012

Subject: LCSH

iPad (Computer), Cyber forensics, Computer forensics, Mobile device forensics

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security

Abstract

Due to their usage increase worldwide, iPads are on the path of becoming key sources of digital evidence in criminal investigations. This research investigated the logical backup acquisition and examination of the iPad2 device using the Apple iTunes backup utility while manually examining the backup data (manual examination) and automatically parsing the backup data (Lantern software-automated examination).The results indicate that a manual examination of the logical backup structure from iTunes reveals more digital evidence, especially if installed application data is required for an investigation. However, the researchers note that if a quick triage is needed of an iOS device, then automated tools provide a faster method for obtaining digital evidence from an iOS device. The results also illustrate that the file names in the backup folders have changed between iOS 3 and iOS 4. Lastly, the authors note the need for an extensible software framework for future automated logical iPad examination tools.

Comments

Dr. Baggili was appointed to the University of New Haven’s Elder Family Endowed Chair in 2015.

This work is licensed under a Creative Commons Attribution 4.0 International License. © 2006-2015 Association of Digital Forensics, Security and Law

Creative Commons License

Creative Commons Attribution-Share Alike 4.0 International License
This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.

Publisher Citation

Ali, S., AlHosani, S., AlZarooni, F., & Baggili, I. (2012). iPad2 Logical Acquisition: Automated or manual examination? In Proceedings of the Conference on Digital Forensics, Security and Law (pp. 113-128).

Download

Share

COinS