iOS Forensics: where are we now and what are we missing?

realitynet 1,594 views 60 slides Jan 11, 2018

About This Presentation

In the last years several things have changed in the world of iOS forensics, both in terms of acquisition and in terms of analysis. The objective of this presentation is to provide an overview of the state of the art in terms of acquisition techniques and overcoming of the device's protection mec...


Slide Content

SANS DFIR
Prague, 3rd October 2017
© 2017 Mattia Epifani | All Rights Reserved |
iOS Forensics: where are we now and what are we missing?

•iOS acquisition challenges
•Search and seizure of iOS devices
•Acquisition techniques
•Alternative options
2
Overview on iOS Forensics

3
Why iOS Forensics?
September 2017 – Mobile OS (source Statcounter.com)

4
Why iOS Forensics?
September 2017 – Tablet OS (source Statcounter.com)

•iOS devices use full disk encryption
•Other protection layers (i.e. per-file key, backup password)
•JTAG ports are not available
•Chip-off techniques are not useful because of full disk encryption
•But some experimental techniques are just out!
5
iOS Acquisition Challenges

•Turned off device
  •LEAVE IT OFF!
•Turned on device (locked or unlocked)
  •DON'T TURN IT OFF AND THINK!
6
iOS Forensics RULES!

1. Activate Airplane mode
2. Connect to a power source (i.e. external battery)
3. Verify the model
4. Verify the iOS version
7
PRESERVATION - Turned ON and LOCKED

8
PRESERVATION - Activate Airplane Mode on a Locked Device

9
IDENTIFICATION - Identify the model (I)

10
IDENTIFICATION - Identify the model (II) and the iOS version
•Libimobiledevice (Linux/Mac)
  http://www.libimobiledevice.org/
•iMobiledevice (Windows)
  http://quamotion.mobi/iMobileDevice/
•ideviceinfo -s
•They also work on locked devices!

11
IDENTIFICATION - Identify the model (II) and the iOS version

12
IDENTIFICATION - iPhone Model Chart
Device name | Model number | Internal name | Identifier | Year | Capacity (GB)
iPhone 7 Plus | A1784 | D111AP | iPhone9,4 | 2016 | 32, 128, 256
iPhone 7 Plus (China/Japan) | A1661 – A1785 – A1786 | D11AP | iPhone9,2 | 2016 | 32, 128, 256
iPhone 7 | A1778 | D101AP | iPhone9,3 | 2016 | 32, 128, 256
iPhone 7 (China) | A1660 – A1779 – A1780 | D10AP | iPhone9,1 | 2016 | 32, 128, 256
iPhone SE | A1662 – A1723 – A1724 | N69AP | iPhone8,4 | 2016 | 16, 32, 64, 128
iPhone 6s Plus | A1634 – A1687 – A1699 – A1690 | N66AP | iPhone8,2 | 2015 | 16, 64, 128
iPhone 6s | A1633 – A1688 – A1700 – A1691 | N71AP | iPhone8,1 | 2015 | 16, 64, 128
iPhone 6 Plus | A1522 – A1524 – A1593 | N56AP | iPhone7,1 | 2014 | 16, 64, 128
iPhone 6 | A1549 – A1586 | N61AP | iPhone7,2 | 2014 | 16, 64, 128
iPhone 5S (CDMA) | A1457 – A1518 – A1528 – A1530 | N53AP | iPhone6,2 | 2013 | 16, 32
iPhone 5S (GSM) | A1433 – A1533 | N51AP | iPhone6,1 | 2013 | 16, 32, 64
iPhone 5C (CDMA) | A1507 – A1516 – A1526 – A1529 | N49AP | iPhone5,4 | 2013 | 16, 32
iPhone 5C (GSM) | A1456 – A1532 | N48AP | iPhone5,3 | 2013 | 16, 32
iPhone 5 rev.2 | A1429 – A1442 | N42AP | iPhone5,2 | 2012 | 16, 32, 64
iPhone 5 | A1428 | N41AP | iPhone5,1 | 2012 | 16, 32, 64
iPhone 4S (China) | A1431 | N94AP | iPhone4,1 | 2011 | 8, 16, 32, 64
iPhone 4S | A1387 | N94AP | iPhone4,1 | 2011 | 8, 16, 32, 64
iPhone 4 - CDMA | A1349 | N92AP | iPhone3,2 | 2011 | 8, 16, 32
iPhone 4 - GSM | A1332 | N90AP | iPhone3,1 | 2010 | 8, 16, 32
iPhone 3GS (China) | A1325 | N88AP | iPhone2,1 | 2009 | 8, 16, 32
iPhone 3GS | A1303 | N88AP | iPhone2,1 | 2009 | 8, 16, 32
iPhone 3G (China) | A1324 | N82AP | iPhone1,2 | 2009 | 8, 16
iPhone 3G | A1241 | N82AP | iPhone1,2 | 2008 | 8, 16
iPhone 2G | A1203 | M68AP | iPhone1,1 | 2007 | 4, 8, 16

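A small triage helper that ties the `ideviceinfo -s` step to the model chart and to the version-dependent acquisition notes given later in the deck (iPhone 4 and below, iOS 11 pairing, lockdown-certificate usefulness per iOS version). This is an added example, not code from the presentation; the `ProductType` and `ProductVersion` key names are assumed to be what ideviceinfo prints, the chart subset is copied from the slide, and the sample output is constructed.

```python
"""Triage helper: map `ideviceinfo -s` output to the model chart and to the
acquisition notes from the slides. Added example; key names are assumptions."""
import re

# Subset of the iPhone model chart from the slide: identifier -> (device name, internal name, year)
MODEL_CHART = {
    "iPhone9,4": ("iPhone 7 Plus", "D111AP", 2016),
    "iPhone9,3": ("iPhone 7", "D101AP", 2016),
    "iPhone8,4": ("iPhone SE", "N69AP", 2016),
    "iPhone8,1": ("iPhone 6s", "N71AP", 2015),
    "iPhone6,1": ("iPhone 5S (GSM)", "N51AP", 2013),
    "iPhone5,2": ("iPhone 5 rev.2", "N42AP", 2012),
    "iPhone3,1": ("iPhone 4 - GSM", "N90AP", 2010),
}

def parse_ideviceinfo(text: str) -> dict:
    """Parse 'Key: value' lines as printed by ideviceinfo -s (assumed format)."""
    info = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9]+):\s*(.*)$", line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info

def triage(info: dict) -> dict:
    ident = info.get("ProductType", "")
    name, internal, year = MODEL_CHART.get(ident, ("unknown model", "?", 0))
    major = int(info.get("ProductVersion", "0").split(".")[0])   # "11.0.3" -> 11
    family = int(ident.split(",")[0].replace("iPhone", "") or 0)  # "iPhone3,1" -> 3
    notes = []
    if family and family <= 3:  # iPhone 4 and below: physical acquisition always possible
        notes.append("physical acquisition always possible")
    if major >= 11:             # iOS 11: establishing trust needs the passcode
        notes.append("pairing requires the passcode (iOS 11 lockdown)")
    if major <= 7:              # lockdown certificate: AFR and AFC work
        lockdown = "lockdown certificate works (AFR and AFC)"
    elif major == 8:            # lockdown certificate: some data via AFC
        lockdown = "lockdown certificate gets some data (AFC)"
    else:                       # iOS 9/10/11: not useful
        lockdown = "lockdown certificate not useful"
    notes.append(lockdown)
    return {"model": name, "internal": internal, "year": year, "ios_major": major, "notes": notes}

# Constructed sample output (not a real device); the UDID is a placeholder
SAMPLE = "DeviceName: Lab iPhone\nProductType: iPhone9,4\nProductVersion: 11.0.3\nUniqueDeviceID: 0000000000000000000000000000000000000000\n"

if __name__ == "__main__":
    print(triage(parse_ideviceinfo(SAMPLE)))
```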
1. Prevent the phone locking!
   I. Don't press the power button!
   II. Disable Auto-lock!
2. Verify if a lock code is set!
3. Activate Airplane mode
4. Acquire the data as soon as possible, keeping the phone unlocked!
OR
Connect to a computer to «pair» the iPhone
OR
1. Connect to a power source (i.e. external battery)
2. Identify the model
3. Identify the iOS version
13
PRESERVATION - Turned ON and UNLOCKED

14
PRESERVATION
PREVENT LOCK STATE! (Disable Auto-Lock)

15
PRESERVATION - Activate Airplane Mode on an unlocked device

File System
•iTunes Backup – Can be password protected!
•Apple File Relay – Zdziarski, 2014 – Up to iOS 7
•Apple File Conduit – Result depends on iOS version
•iCloud – Already stored data or forced
•Full file system – Possible only on jailbroken devices
Physical
•Available up to iPhone 4
•Possible on jailbroken devices
16
ACQUISITION - Acquisition techniques

•Physical acquisition is always possible
•In case of simple passcode all data will be decrypted
•In case of complex passcode you will get in any case native applications data (i.e. address book, SMS, notes, video, images, etc.)
17
ACQUISITION - iPhone 4 and below

18
ACQUISITION – Turned ON and unlocked – Turned OFF and without passcode
•Always possible doing some kind of file system acquisition
•The obtained data strongly depends on the iOS version
•General approach
  •Connect the phone to a computer containing iTunes or a mobile forensics tool
  •"Pair" the phone with the computer
  •Acquire the data with the various possible techniques/protocols

19
ACQUISITION – Turned ON and unlocked – Turned OFF and without passcode
•Possible problems:
  •Backup password
  •Managed devices (connection to PC inhibited)
  •iOS 11 (!!!)

20
iOS 11 – Lockdown generation
https://blog.elcomsoft.com/2017/09/new-security-measures-in-ios-11-and-their-forensic-implications/
•Establishing Trust ("pairing") with a PC now requires the passcode!

21
ACQUISITION - Turned ON and LOCKED
•Search for a lockdown certificate on a synced computer
•Unlock through fingerprint
•Try to force an iCloud backup
•Specific iOS version vulnerability for bypassing passcode

22
ACQUISITION – Lockdown certificate
•Stored in:
  •C:\ProgramData\Apple\Lockdown (Windows 7/8/10)
  •/private/var/db/lockdown (Mac OS X)
•Certificate file name: Device_UDID.plist
•The certificate can be extracted from the computer and used in another with some forensic tools or directly with iTunes
•Lockdown certificate stored on a computer is valid for 30 days
•Lockdown certificate can be used within 48 hours since the last time the user unlocked with the passcode

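An added example (not code from the presentation) that walks an examiner's copy of the lockdown folder named on the slide, reads each Device_UDID.plist pairing record and flags whether it still falls inside the 30-day host-side validity the slide states. The plist keys `HostID` and `EscrowBag` are assumptions, the sample record is constructed, and the folder paths are only recorded as reference constants.

```python
"""Enumerate lockdown pairing records and check the 30-day validity window from the
slide. Added example; plist key names are assumptions, sample data is constructed."""
import os, plistlib, tempfile, time

VALID_DAYS = 30  # host-side validity of a stored lockdown certificate (from the slide)

LOCKDOWN_DIRS = {  # locations listed on the slide, for reference
    "windows": r"C:\ProgramData\Apple\Lockdown",
    "macos": "/private/var/db/lockdown",
}

def list_pairing_records(folder, now=None):
    """Return one dict per Device_UDID.plist found in folder (an examiner's copy)."""
    now = time.time() if now is None else now
    records = []
    for fname in sorted(os.listdir(folder)):
        # SystemConfiguration.plist is assumed to be host config, not a device record
        if not fname.endswith(".plist") or fname == "SystemConfiguration.plist":
            continue
        path = os.path.join(folder, fname)
        with open(path, "rb") as fh:
            data = plistlib.load(fh)          # handles binary and XML plists
        age_days = (now - os.path.getmtime(path)) / 86400
        records.append({
            "udid": fname[:-len(".plist")],   # file name is the device UDID
            "host_id": data.get("HostID"),    # key assumed
            "has_escrow_bag": "EscrowBag" in data,  # key assumed
            "age_days": round(age_days, 1),
            "within_validity": age_days <= VALID_DAYS,
        })
    return records

def make_sample_folder(age_days):
    """Constructed sample: one pairing record whose mtime is back-dated by age_days."""
    folder = tempfile.mkdtemp()
    path = os.path.join(folder, "UDID-PLACEHOLDER-0001.plist")
    with open(path, "wb") as fh:
        plistlib.dump({"HostID": "HOSTID-PLACEHOLDER", "EscrowBag": b"\x00" * 16}, fh)
    old = time.time() - age_days * 86400
    os.utime(path, (old, old))
    return folder

if __name__ == "__main__":
    for rec in list_pairing_records(make_sample_folder(10)):
        print(rec)
```

The 48-hour condition on the same slide depends on when the device was last unlocked with its passcode, which cannot be read from the computer, so only the 30-day window is checked here.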
•To configure Touch ID, you must first set up a passcode. Touch ID is designed to minimize the input of your passcode; but your passcode will be needed for additional security validation:
  •After restarting your device
  •When more than 48 hours have elapsed from the last time you unlocked your device
  •To enter the Touch ID & Passcode setting
•https://support.apple.com/en-us/HT204587
23
ACQUISITION – Fingerprint Unlock

24
iOS 11 – SOS Mode
•Apple has added a new emergency feature designed to give users an intuitive way to call emergency by simply pressing the Power button five times in rapid succession
•This SOS mode not only allows quickly calling an emergency number, but also disables Touch ID
https://blog.elcomsoft.com/2017/09/new-security-measures-in-ios-11-and-their-forensic-implications/

25
ACQUISITION – Force iCloud backup
•Be careful when using this option and try other methods first!
  •Possible overwriting of already existing backup
  •Risk of remote wiping
•Follow this approach:
  •Bring the device close to a known Wi-Fi network
  •Connect to a power source
  •Wait a few hours
  •Request data from Apple or download it
    •Legal authorization
    •Credentials or token is needed

•A comprehensive and continuously updated list is maintained at:
  •http://blog.dinosec.com/2014/09/bypassing-ios-lock-screens.html
•Latest available for iOS 10.3
  •CVE-2017-2397
  •"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen."
26
ACQUISITION – Specific iOS version vulnerability

•Try to use a lockdown certificate
  •It works well on iOS 7 (AFR and AFC)
  •It can still get some data on iOS 8 (AFC)
  •Not useful on iOS 9/10/11
•Some specific unlocking tools
  •They work on iOS 7 and iOS 8
  •UFED User Lock Code Recovery Tool
  •IP-BOX
  •MFC Dongle
  •XpinClip
27
ACQUISITION – Turned OFF and LOCKED

28
ACQUISITION – Turned OFF and LOCKED (iPhone 7)

29
ACQUISITION – Turned OFF and LOCKED (iPhone 7)

30
ACQUISITION – CAIS (Cellebrite Advanced Investigative Services)
https://www.cellebrite.com/en/services/unlock-services/

31
Alternative options
•Local backup stored on user’s computer
•Other data stored on user’s computer
•iCloud acquisition
•Experimental techniques (chip-off)

32
Backup stored on the user's computer

33
Encrypted backup

34
iOS Backup password cracking on Mac OS X

35
Dump keychain

36
Dump keychain

37
Other data stored on the user's computer
•Windows
  •C:\ProgramData\Apple Computer\
    •iTunes\iPodDevices.xml → Connected iOS devices
  •C:\Users\[username]\AppData\Roaming\Apple Computer
    •MobileSync\Backup → Device backup
    •Logs → Various device logs
    •MediaStream → PhotoStream information
    •iTunes → iTunes preferences and Apple account information
•Mac OS X
  •https://www.mac4n6.com/resources/
  •Sarah Edwards – Ubiquity Forensics - Your iCloud and You

38
iPodDevices.xml

39
MobileMeAccounts.plist

40
Logs Folder

41
Logs folder
•Installed applications list and usage
  •Various logs like PowerLog, Security, OnDemand
•iTunes username
  •itunesstored.2.log file
•File name of e-mail attachments
  •MobileMail logs
•List of Wi-Fi networks and history of latest connections
  •Wi-Fi logs

42
OnDemand log

43
itunesstored.2.log

44
MobileMail log

45
Wi-Fi log

•You need
•User credentials
OR
•Token extracted from a computer (Windows/Mac)
•Only if iCloud Control Panel is installed!
•You can obtain
•iCloud Device Backup
•iCloud Calendars
•iCloud Contacts
•Photo Streams
•Email
•Specific application data
46
iCloud Acquisition

47
ACQUISITION – iCloud Acquisition

48
ACQUISITION – iCloud Acquisition

49
ACQUISITION – iCloud Acquisition

50
ACQUISITION – iCloud Acquisition

51
ACQUISITION – iCloud Acquisition

52
ACQUISITION – iCloud Acquisition

53
ACQUISITION – iCloud Acquisition

•You can request:
  •Subscriber information
  •Mail logs
  •Email content
  •Other iCloud content
    •iOS device backups
    •iCloud Photo Library
    •iCloud Drive
    •Contacts
    •Calendar
    •Bookmarks
    •Safari browsing history
  •Find My iPhone
  •Game Center
  •iOS device activation
  •Sign-on logs
  •My Apple ID and iForgot logs
  •FaceTime logs
54
Apple support
https://images.apple.com/legal/privacy/law-enforcement-guidelines-outside-us.pdf

•Recently published research by Sergei Skorobogatov
•The bumpy road towards iPhone 5C NAND mirroring
•http://www.cl.cam.ac.uk/~sps32/5c_proj.html
•https://arxiv.org/pdf/1609.04327v1.pdf
•https://www.youtube.com/watch?v=tM66GWrwbsY
55
Chip Off (Experimental)

56
iOS Forensics Tools
Forensic tools
•Cellebrite Physical Analyzer
•Magnet IEF/AXIOM/Acquire
•Oxygen Forensic
•Elcomsoft Phone Breaker
•Elcomsoft Phone Viewer
•Elcomsoft iOS Forensic Toolkit
•XRY
•MPE+
•Paraben Device Seizure
•X-Ways/FTK/Encase
Other tools
•iTunes
•Libimobiledevice
•iMobiledevice
•iBackupbot
•iPhone Backup Extractor
•iFunBox
•iTools
•iExplorer
•Plist editor
•SQLite Database Browser

57
Learning iOS Forensics – Second Edition
https://www.packtpub.com/networking-and-servers/learning-ios-forensics-second-edition

58
SANS FOR 585 -Advanced Smartphone Forensics
https://www.sans.org/course/advanced-smartphone-mobile-device-forensics

59
SANS FOR 585 -Advanced Smartphone Forensics
https://www.sans.org/course/advanced-smartphone-mobile-device-forensics

60
Q&A
Mattia Epifani
•CEO @ REALITY NET –System Solutions
•Digital Forensics Analyst
•Mobile Device Security Specialist
•Member of Clusit, DFA, IISFA, ONIF, Tech&Law
•GCFA, GCFE, GASF, GREM, GNFA, GMOB, GCWN
•CEH, CHFI, CCE, CIFI, ECCE, AME, ACE, MPSC
[email protected]
@mattiaep
http://www.linkedin.com/in/mattiaepifani
http://www.realitynet.it
http://blog.digital-forensics.it