iPod Forensics Update - PowerPoint PPT Presentation

1
iPod Forensics Update
  • Chantel Bowie
  • Digital Forensics

2
Introduction
  • Original use
    • Portable music device
    • Store, play files
  • Evolution
    • Video, store wide variety of data
  • Digital forensics
    • Keep up!

3
Goals
  • Update law enforcement, incident response team
    members and other forensic first responders
    regarding the newest generation of Apple's iPod
    and its forensic value.
  • Increase awareness of this unusual source of
    digital evidence and assist in the recovery of
    data for law enforcement.

4
iPod Forensics
  • iPod Design
    • Accept music, video, photo based files
    • Allows any other type of files
    • Acts as external hard drive to host computer
  • Text files transferred to Notes folder
    • Yes
  • Windows Explorer transferred files
    • No
  • Legal considerations
    • Treat as suspect hard drive

5
Testing
  • Methodology
  • Forensics Tools
    • AccessData's FTK
    • FTK Asia
    • EnCase
    • SubRosaSoft's Macintosh Forensic Software (MFS)
  • Tests
    • Testing on Windows XP
    • Testing on Mac OS

6
Testing (continued)
  • Install iTunes and Apple Software Updates
  • Image, analyze w/ forensic tools
  • Delete predetermined files
  • Disconnect, reconnect write blocker
  • Restore device
  • Re-image, analyze

7
Results
  • Retrieving deleted files could only be performed
    by data carving
    • Odd results
    • Best guess determining file types and sizes
  • Restoring a device through iTunes rewrites
    partition tables and creates new directory
    structure.
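
Added example (not part of the original presentation): a minimal header/footer carver in Python, showing why carved results come back with only a best-guess file type and size. The signatures are the standard JPEG and PNG magic bytes; the `carve` function, the 1 MiB size cap and the sample image are assumptions constructed for illustration.

```python
import hashlib

# Well-known header/footer magic bytes for two photo formats.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_CARVE = 1 << 20  # assumed cap on carved size when no footer is found


def carve(image: bytes, max_size: int = MAX_CARVE):
    """Scan a raw image for known headers; return candidates sorted by offset.

    No file system metadata is consulted, so the type comes only from the
    signature and the size only from the first footer (or the size cap).
    """
    hits = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            window_end = min(len(image), pos + max_size)
            end = image.find(footer, pos + len(header), window_end)
            if end != -1:
                stop, footer_found = end + len(footer), True
            else:
                # Truncated or fragmented file: size is only a guess.
                stop, footer_found = window_end, False
            data = image[pos:stop]
            hits.append({
                "type": ftype, "offset": pos, "size": len(data),
                "footer_found": footer_found,
                "sha256": hashlib.sha256(data).hexdigest(),  # for evidence notes
            })
            pos = image.find(header, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])


def build_sample_image() -> bytes:
    """Constructed sample: zeroed space holding a JPEG, a PNG and a truncated JPEG."""
    jpeg = b"\xff\xd8\xff\xe0" + b"A" * 20 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"B" * 16 + b"IEND\xaeB`\x82"
    truncated = b"\xff\xd8\xff\xe1" + b"C" * 10  # header only, footer overwritten
    return b"\x00" * 512 + jpeg + b"\x00" * 100 + png + b"\x00" * 50 + truncated


if __name__ == "__main__":
    for hit in carve(build_sample_image()):
        print(hit)
```

The third candidate has no footer, so its reported size is simply everything up to the cap or the end of the image, which is the kind of odd result the slide describes.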

8
Results (continued)
  • Windows Version
    • Easier to analyze
    • Forensic tools proved to be more efficient
  • New generation vs. Old generation
    • 5.5 generation more difficult to analyze

9
Windows

10
Mac

11
Conclusion
  • New generation
    • Stores vast amounts of data
    • Tools have a difficult time analyzing
  • Updates/changes
    • Eliminate user name and initializing computer
  • Valuable evidence can still be found
  • Investigators must know the importance of these
    devices and what tools can be used to extract
    evidence

12
References
  • International Journal of Digital Evidence
    • Spring 2007 Volume 6, Issue 1
  • Authors
    • Matthew Kiley
    • Tim Shinbara
    • Marcus Rogers
  • http://www.utica.edu/academic/institutes/ecii/ijde/articles.cfm?current1