Levinson.Stackpole.JohnsonHICSS-44

Levinson.Stackpole.JohnsonHICSS-44 - Proceedings of the...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Third Party Application Forensics on Apple Mobile Devices Alex Levinson Rochester Institute of Technology alex.levinson@mail.rit.edu Bill Stackpole Rochester Institute of Technology bill.stackpole@rit.edu Daryl Johnson Rochester Institute of Technology daryl.johnson@rit.edu Abstract Forensics on mobile devices is not new. Law enforcement and academia have been performing forensics on mobile devices for the past several years. Forensics on mobile third party applications is new. There have been third party applications on mobile devices before today, but none that provided the number of applications available in the iTunes app store. Mobile forensic software tools predominantly addresses "typical" mobile telephony data - contact information, SMS, and voicemail messages. These tools overlook analysis of information saved in third-party apps. Many third-party applications installed in Apple mobile devices leave forensically relevant artifacts available for inspection. This includes information about user accounts, timestamps, geolocational references, additional contact information, native files, and various media files. This information can be made readily available to law enforcement through simple and easy-to-use techniques. 1. Introduction The operative word when describing mobile devices is “mobile”. Individuals carry cellular phones and other mobile devices with them everywhere. Forensic examiners have learned that information from such devices can be invaluable to an investigation. The data stored about the user can provide information about with whom they communicate and where they have traveled, all tied to a common time source (the cellular provider’s system clock.) So-called “smart phones” have expanded the amount of information stored about a user to include email history, location information stored by the device, usernames, passwords, wireless access point associations and other useful information. [1] With the introduction of an application marketplace (commonly referred to as an “app store”), the applications stored on the device have increasingly changed from being completely under the control of the device provider to being defined by the user. 1.1. Apple Devices With the introduction of the iPhone, Apple Computer has created a mobile handheld platform that allows users to install and configure a wide variety of applications via their “app store”. The iPad device, introduced in April 2010, runs most iPhone apps in full functionality, as well as some that have been modified specifically for use with this larger format device. Users select applications of their choice and install them on the device. The application is downloaded to the device from Apple’s servers and installed. The application can now be launched by the user. The application can store data about the user that customizes the app for their use or stores information about how and when they interact with the app. Apps are typically backed up to the personal computer of the user whenever the device is synced as well.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 02/20/2012 for the course 790 373 taught by Professor Boros during the Fall '09 term at Rutgers.

Page1 / 9

Levinson.Stackpole.JohnsonHICSS-44 - Proceedings of the...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online