Sean Morrissey CEO Katana Forensics, LLC - SANS Computer ...

Sean Morrissey CEO Katana Forensics, LLC - SANS Computer ...

computer.forensics.sans.org
READ

Sean Morrissey CEO Katana Forensics, LLC - SANS Computer ...

READ

iOS Forensics

Sean Morrissey

CEO

Katana Forensics, LLC

Sean

Morrissey

Computer Forensic Analyst

Federal Agency

CEO Katana Forensics

Former LE in Maryland

US Army Officer

I

Make

These

Just Kidding.......

Really I Make This....

Lantern iOS Forensics Software

But I named it

after.....

The First Logo looked

Like This

iOS Forensics

What is iOS Forensics?

How do we handle iOS Devices?

How do we examine them?

How are things changing?

iOS Forensics

The Analysis of Apple Mobile Devices

2007 2010

4GB 32GB

2011

64GB

iPhones

Worldwide

Total 35 Million and growing

500,000

Handling iOS

Devices

Remove Sim card - Disconnect from

cellular network

Turn off Wifi and Bluetooth

Airplane Mode

No access to GUI - do the above and if

needed use a Faraday Bag also

oops!

Backup data

Historical data from one or more devices

Syncing certificates [.plist] that can aid in

bypassing passcodes

Windows 7:

user/[username]/appdata/roaming/AppleComp

uter/MobileSync/Backup

OSX: private/var/db/lockdown

iOS 2 backups,

0dc926a1810f7aee4e8f38793ed788701f93bf9d.mdba

ckup

iOS 3 backups,

0dc926a1810f7aee4e8f38793ed788701f93bf9d.mdata

0dc926a1810f7aee4e8f38793ed788701f93bf9d.mdinf

o

iOS 4 backups,

In Search Warrants


PCs/Macs

iCLoud

Data Synced over numerous devices

Logical Analysis

Logical Data &

Extraction

After the release of the iPhone in 2007,

forensic developers were racing to build

applications to analyze the iDevices

Lantern 2.0

XRY

Paraben

Logical Tools

Secure View 3

Physical Analysis

iXAM

MPE+

Physical Tools

Images

iOS 3

iOS 4

Synced Images

iOS 3

Geo Tracking

iOS 4

Geo Location

Today we live in a world of instant gratification,

where data is streamed instantiously.

News

Twitter

Facebook

Case Loads

Time is the enemy

Case in Point

OJ Simpson Murder Trial

DNA Evidence Attacked

Made Huges Waves

Digital OJ.....

Validate Your Tools

One of the most important canon of

forensics

iSheep

Setup forDisaster

Have their place in forensics

Are more accurate than other tools

Can adjust to changes quicker

Easier to validate

Cost effective

Niche Tools

ViaExtract

The future is...

Smartphones

Apple iDevices

Android Devices

RIM?

Windows?

Last Man Standing

Apple - iOS

Google - Android

Sean Morrissey

smorrissey@katanaforensics.com

(410) 714-1413

www.katanaforensics.com

More magazines by this user
Building, Maturing & Rocking a Security Operations Center - SANS ...
Sniper Forensics “One Shot, One Kill” - SANS Computer Forensics
exFAT History - SANS Computer Forensics
examples of recent apt persistence mechanisms - SANS Computer ...
Ovie Carroll - SANS Forensic Trends and Futures.pdf
Analysis & Correlation of Mac Logs - SANS
“ANN'S AURORA” - SANS Computer Forensics
Encryption v20.10 - SANS Computer Forensics
F-Response, 9 Months later… - SANS
Tales from the Crypt - TrueCrypt Analysis - SANS
Incident Response and Computer Network Defense - SANS ...
Digital Forensics for IaaS Cloud Computing - SANS Computer ...
Lance Mueller - SANS Computer Forensics
BETH WHITNEY - SANS
Protecting Privileged Domain Accounts during Live Response
All the Gear..and No Idea.. - Scalable, fast - SANS
Taking Registry Analysis to the Next Level - SANS Computer ...
Brendan Dolan-Gavitt Georgia Institute of Technology - SANS
Mark McKinnon RedWolf Computer Forensics Mark ... - SANS
Rapid Analysis of Live Response Data - SANS Computer Forensics
Advanced file carving - SANS Computer Forensics
Beyond Fuzzy Hashing - SANS Computer Forensics
Working with Law Enforcement SANS Forensics Summit
MODERN ENTERPRISE INCIDENT RESPONSE - SANS
Forensic Challenges in the Courtroom - SANS Computer Forensics
When Macs Get Hacked - SANS Computer Forensics
Non APT Trends by Vertical - SANS
Sniper Forensics V2.0 Target Acquisition - SANS - SANS Institute
Rob Lee - Counter Insurgency.pdf - SANS
Richard Brittson - New York County District Attorney's Office ... - SANS
Similar magazines
SIFT WORKSTATION - SANS Computer Forensics - SANS Institute
Lance Mueller - SANS Computer Forensics
Anti Incident Response - SANS Computer Forensics
Rock Around the Clock - SANS Computer Forensics
Digital Evidence - SANS Computer Forensics
Digital Forensics and Flux Capacitors.pdf - SANS Computer Forensics
Shadow Warriors - SANS Computer Forensics
Sniper Forensics “One Shot, One Kill” - SANS Computer Forensics
James Zinn - User Panel - SANS Computer Forensics
Malware Analysis Tools - SANS Computer Forensics
Working With Law Enforcement - SANS Computer Forensics
Sniper Forensics “One Shot, One Kill” - SANS Computer Forensics
“ANN'S AURORA” - SANS Computer Forensics
Encryption v20.10 - SANS Computer Forensics
exFAT History - SANS Computer Forensics
Drive Encryption - SANS Computer Forensics
Carve for Record not Files - SANS Computer Forensics
Beyond Fuzzy Hashing - SANS Computer Forensics
Exfiltration Forensics in the Age of the Cloud - SANS Computer ...
Beyond Fuzzy Hashing - SANS Computer Forensics
Working with Law Enforcement SANS Forensics Summit
Sniper Forensics V2.0 Target Acquisition - SANS - SANS Institute
Registry Analysis - SANS Computer Forensics
Forensic Challenges in the Courtroom - SANS Computer Forensics
Eoghan Casey-Chris Daywalt - SANS Computer Forensics
Mac Memory Analysis with Volatility - SANS Computer Forensics
New Computer Forensics Techniques Panel - SANS Computer ...
Mastering the Super Timeline - SANS Computer Forensics - SANS ...
Wendi Rafferty - Ken Bradley - SANS Computer Forensics
When Macs Get Hacked - SANS Computer Forensics
Don't wait! Try Yumpu. Start using Yumpu now!
Terms of service
Privacy policy
Cookie policy
Imprint
Made with love in Switzerland