Image iPhone Drive?

Discussion in 'iPhone' started by RossMc, Dec 14, 2010.

  1. RossMc macrumors 65816

    RossMc

    Joined:
    Apr 30, 2010
    Location:
    Newcastle, UK
    #1
    Is there any program avaliable that is able to do this.

    For my digital investigations lecture in uni. I have to create two tutorials on recovering evidence and not generic ones so I chose one for how to image an iPhone.

    I have been looking around and the only option I have seen is to SSH and copy the root directory but this wouldn't give me a full image.

    Anyone suggest any other ways?
     
  2. RossMc thread starter macrumors 65816

    RossMc

    Joined:
    Apr 30, 2010
    Location:
    Newcastle, UK
    #2
    Anyone?

    All the guides I have found so far are with iPhone's running old firmware and using old tools from 2008 which won't work with current iPhone firmware.

    I tried mounting the iPhone in Linux and using the DD command like I use when making an forensic image of a hard drive etc but that did not work.
     
  3. BeyondtheTech macrumors 68020

    BeyondtheTech

    Joined:
    Jun 20, 2007
    #3
    You're definitely asking in the wrong forum. It's way over everyone's heads. Most people here only have the capacity to bitch about not getting the white iPhone and if Verizon will finally have their share come January.

    You might as well walk into a Star Trek convention and ask the crowd if anyone knows how to score with a hot chick.
     
  4. Alzaman macrumors newbie

    Joined:
    May 29, 2011
    #4
    Ross - Just to enquire if you reached any conclusion with obtaining an image from the iPhone?

    I am in the process of doing my final year project, pretty similar to yours but involving iPod Touch and the possible artefacts obtained in iOS5. I'm currently progressing through various strategies, journals and books to see if there is a successful solution and trying various methods.

    Thanks in advance.
     
  5. WissMAN macrumors regular

    WissMAN

    Joined:
    Jun 19, 2009
    Location:
    Lone Star state
    #5
    Try asking a local police dept. Most have a cyber crimes unit. If you can show this is for a class they may be willing to explain things, however software is usually required.
     
  6. RossMc thread starter macrumors 65816

    RossMc

    Joined:
    Apr 30, 2010
    Location:
    Newcastle, UK
    #6
    Yeah I found a way to do it but it involves the iPhone being jailbroken so for Forensic purposes as you may know if you are doing this that this may not be admissible in court as it goes against the first ACPO guideline which is

    "No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court."

    So unless you know exactly what is happening when you jailbreak the iPhone and what changes it is making and if this is in any way going to affect the evidence which is on the device and be able to fully explain all this then it shouldn't be done. For my assignment it was fine though as this was just showing it could be done.

    As stated in the second principle

    "In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions."

    Basically what you need to do is to SSH into the iPhone and then do the imaging process through SSH with a few commands and a LOT of waiting lol. If you want detailed information on how to do it with the commands etc then feel free to PM me and I will explain how it was done.
     
  7. frankmarco macrumors newbie

    Joined:
    Oct 18, 2011
    #7
    Would Like To Know...

    Hello Ross,
    I was unable to find a link to PM you, but I would be very interested in learning how you performed a image of the iphone drive.
    I am aware the device has to be jb.

    Please feel free to PM me if you know how.

    Thanks

    Frank!
     

Share This Page