iPad (Computer), Cyber forensics, Computer forensics, Mobile device forensics
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
Due to their usage increase worldwide, iPads are on the path of becoming key sources of digital evidence in criminal investigations. This research investigated the logical backup acquisition and examination of the iPad2 device using the Apple iTunes backup utility while manually examining the backup data (manual examination) and automatically parsing the backup data (Lantern software-automated examination).The results indicate that a manual examination of the logical backup structure from iTunes reveals more digital evidence, especially if installed application data is required for an investigation. However, the researchers note that if a quick triage is needed of an iOS device, then automated tools provide a faster method for obtaining digital evidence from an iOS device. The results also illustrate that the file names in the backup folders have changed between iOS 3 and iOS 4. Lastly, the authors note the need for an extensible software framework for future automated logical iPad examination tools.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 4.0 License.
Ali, Somaya; AlHosani, Sumaya; AlZarooni, Farah; and Baggili, Ibrahim, "IPad2 Logical Acquisition: Automated or Manual Examination?" (2012). Electrical & Computer Engineering and Computer Science Faculty Publications. 18.
Ali, S., AlHosani, S., AlZarooni, F., & Baggili, I. (2012). iPad2 Logical Acquisition: Automated or manual examination? In Proceedings of the Conference on Digital Forensics, Security and Law (pp. 113-128).