iPhone Forensics by Jonathan Zdziarski

The iPhone is a very useful tool, but you should be aware of some very important things. This book will shed some light about just how “private” a device like the iPhone really is.

The iPhone is essentially a full-fledged computer, running a slimmed down version of the Unix operating system and Apple’s Leopard. Like most mainstream operating systems, deleting a file only deletes the reference to the data, and not the actual data. This is why data recovery programs work. For the iPhone, the same is also true, but in addition, the amount of data stored on the iPhone extends far beyond what is perceived to be stored on it or what is accessible through its user interface. This data is, however, accessible with the tools and procedures outlined in this book. A criminal might attempt to delete all of the data she thinks exists on the phone but, in most cases, will have only made it inaccessible to the average person. A criminal might also think simple security, such as a passcode, will safeguard self-incriminating evidence from the police. As you’ll see, this too only keeps the average person out. Fortunately for you, if you are reading this book, you are not an average person.

My opinion on crime is this: any self-respecting criminal is likely to use a desktop computer with encryption or other tools to hide his dirty deeds. With strong encryption, new laws such as the Foreign Intelligence Surveillance Act—which gives the U.S. Government unfettered access to our private email, text messages, and voice conversations—can be rendered useless. Good encryption is effective, even against government bodies, but involves time and know-how. Fortunately, it’s easy to catch a criminal with his pants down, unless he is very careful.

However, in my opinion, the list of criminals that can effectively use encryption, or other technical means of hiding their communication, is a very small list. Therefore, this book is going to help you catch most everyone else. With respect to the few who do outsmart the government, it can be more important to monitor endpoints of communication than the actual communication itself—that is, who is associated with who. Should a criminal’s contacts be exposed, law enforcement officials can trace the date, time, and phone numbers back to actual people, easily cross-indexed with the massive databases our governments no doubt keeps. If a criminal is using an iPhone, she’s already compromised her operation on some level.

Computer security is a never-ending war between those who desire to hide information and those who work to expose it. There’s no telling who is winning, but this book can help tip the scales in favor of the good guys.

The detailed content of this book will appeal to various types of readers. Although it has its roots in police forensics (having been distributed to hundreds of law enforcement agencies prior to being published), this book will also prove very useful to computer security professionals and anyone seeking a deeper understanding of how the iPhone works.

It comes highly recommended to have this book in anyone’s library.