Investigating a JailBroken iPhone


6:35 am
March 4, 2009


minpostbox03

Member

posts 3

1

First of all, I would like to thank Andrew for doing a really great job evaluating all the tools and for sharing the result in the whitepaper. I think the only decent method at the moment is to use Jonathan Zdziarski's method.

Does anyone have experience investigating a jailbroken iPhone running firmware v1?

I.e., using iLiberty+ to install the Forensic Toolkit (ssh, nc, dd) according to Jonathan Zdziarski's method for iPhone (firmware v1).

My concern is: what will happen with the iPhone after the investigation? Can you easily uninstall the forensic toolkit so that the phone is usable again, or do you have to restore the iPhone using iTunes and reinstall a “fresh not jailbroken” firmware?

I guess the same issue relates to v2 firmware using the pwnage/xpwn method?

Any tips are highly appreciated since I'm about to examine a v1 iPhone.


-Anders

11:25 am
March 4, 2009


ahoog

Admin

Chicago, IL

posts 12

2

Post edited 1:16 pm – March 5, 2009 by ahoog


Hi Anders,

Thanks for the feedback. Zdziarski encourages people to create a new user account on the iTunes machine (Windows or Mac) for each investigation. You can then:

1. Backup the phone
2. Apply the forensic toolkit
3. Acquire the image
4. Re-apply Apple's firmware
5. Restore the data

Performing steps 4 and 5 will return the phone to the state in which you found it and is the process people go through for a normal restore, upgrade, etc. However, I would imagine some people would cringe at this.

Andrew Hoog
Chicago Electronic Discovery
(w) 773-539-7909 (f) (312) 268-7281
http://chicago-ediscovery.com
