Last Updated: 2007-07-03 08:23:28 UTC
by Maarten Van Horenbeeck (Version: 1)
A lot of chatter has appeared on the security of Apple’s new iPhone. As with any new technology, it is to be expected that some security issues will be identified and fixed.
- There may not be a clear distinction between which memory space is used for data and which is used for processes. Loss of battery power generally leads to loss of evidence;
- In most cases you can only acquire data ‘logically’, by requesting it through the phone software. In those rare cases where you can ‘physically’ dump memory as an image, this may still depend on phone functionality that can be ‘flashed’. As such, integrity of evidence could be a serious issue;
- An attacker could still be able to connect to the device remotely if it is not kept in a shielded environment.
- Tools can include free software such as Tulp2g, or one of the many commercial packages. NIST offers a great tool review for mobile forensics;
- Skills and procedures can be gathered through training or exercise. One great resource is the NIST site;
- Hardware should include a SIM/USIM card reader (generally a regular smartcard reader which supports the smaller format), the necessary cables to connect your supported cell phones to the analysis workstation, as well as an RF shielding bag to prevent evidence compromise.
Some other issues may require review with your legal team. For example, some of the data stored on a SIM/USIM card may allow an investigator to broadly assess the past physical location of a cell phone user. This could be a very significant privacy issue.
Maarten Van Horenbeeck