Forensic Acquisition of IOS Devices

Apple devices are well known for their high-security features in terms of data storage. IOS devices have some restrictions for their usability. The device contains only internal memory and the users can back up their data into iCloud or iTunes. IOS devices are more secure when compared to other mobile devices. The IOS devices can also be jailbroken for the purpose of removing software restrictions and allows the installation of application from the unknown sources i.e., the app that are not unavailable in Apple App store. After jailbreaking, the device becomes vulnerable and lets the attacker to access the device. Apple provides both hardware and software patches to the vulnerabilities, which means many versions can’t be jailbreak so easily. To perform Forensic investigation on the IOS devices, even the forensic investigators need privilege escalation to access the data of the device. The tools which are used to investigate IOS devices are avail as commercial. This project proposes an opensource method to access the IOS device using SSH shell. After the successful mount of device, the data can be acquired for further forensic analysis. Based on the artifacts analysed, the investigators can be able to find the root cause of the crime.