ADVANCED TECHNOLOGY INVESTIGATIONS, LLC

Private Investigator Services Greensboro NC - Advanced Technology Investigations - North Carolina Private Investigators

by

iPhone Forensics What to Expect

WHAT YOU NEED TO KNOW

by David Shelton, Advanced Technology Investigations, LLC

Client’s of Advanced Technology Investigations, LLC throughout North Carolina turn to us when there is a possibility of evidence in the form of electronic data with cell phones, computers and other digital devices that hold communication and media. We bring special skills in technology to our Clients to ensure they have all the evidence possible from a team of experienced experts with proven results, giving our Client’s the truth they deserve.

This article is for for experienced Cell Phone Forensic examiners, as well as examiners just getting started with (CPF). Below is what you will learn from this article.

• What you should know about digital forensics on cell phones
• What to expect from a Forensic examination on an Apple iPhone
• Step by Step, conducting the examination
• Plug in tools to assist in interpreting the data

WHAT YOU SHOULD KNOW

• Digital Forensics with Cell Phones is challenging in that, there is no, one tool fits all.
• The Examiner has to have multiple tools, and have a good understanding of data that can be on a cell phone.
• The Examiner must learn a multitude of techniques to make different models of cell phones communicate with the specific workstation.
• Learning as much as possible with continuing training, and experience, will give the examiner the best chance to be successful in their attempts at this ever changing field.

INTRODUCTION

One of the more popular cell phones to attempt a forensic examination on is the Apple iPhone. The iPhone is a smart phone made by Apple. The Apple iPhone can hold tremendous amounts of data. If successful at an acquisition, all the tedious and hard work is quite satisfying to the forensic examiner, in that, the examiner has overcome challenges with each iPhone model and different iOS versions examined, and has most likely used multiple tools to acquire all the available data the iPhone can produce.

WHAT YOU CAN EXPECT FROM AN iPHONE FORENSIC EXAMINATION

Before we began the step by step process we must identify the different types of acquisitions available for the iPhone model and the iOS version running on the particular iPhone. The experienced examiner will know, or will research if the phone to be examined is able to be examined Logically (Data that can be seen), or with a Physical examination (Data that cannot be seen, such as deleted data). There are different tools for each method the examiner can use. The chosen tool will depend on the tools available to the examiner, the circumstances of the case, and the data the examiner is looking for. Several Forensic tools can acquire a physical image of iPhone models previous to the iPhone 4 and below, such as the iphones 3, 3G, and 4. At the time of this paper, there are no forensic tools that will acquire a physical acquisition of the iPhone 4s or the iPhone 5. The examiner will however, still be able to recover a limited amount of deleted text messages located in the logical database file, as well as data that can be carved from application files. Knowing as much information about the case will help the examiner to pick the most appropriate available tools for the case.

THE CHALLENGES

There are quite a few challenges with acquiring the data from an iPhone. Several tools are needed to examine the different types of files the examiner successfully acquires. Some of the forensic software’s have several different tools built into the software and automated for the examiner already. There are other software’s that you must conduct separate task with the phone in order to access all the data the iPhone can hold. The Apple iPhone was introduced into the market in 2007. Its proprietary operating system is the iOS. One of the most known challenges of the iPhone is the constant upgrades and patches made with each release of the iOS firmware. As cell phones evolve, the forensic software tools must do the same to attempt to keep up with the newest technology.

There are teams of developers and hackers that constantly work to crack the iOS encryption so the device can be forensically examined. If you start researching iPhone forensics you can find a multitude of books written specifically on topics of the iOS operating systems and how it works, and how to develop apps for it.

PRESERVING THE DATA

The very first and most important step in any Digital Forensic examination is to protect the data from changing so to preserve the source data from changing. There are arguable points as how to accomplish this task. Do you simply turn the phone off or do you protect the device with a Faraday cage to keep the device from communicating with the wireless network? Knowing that a cell phone is a mobile device, there are many possibilities on how the device suddenly became an item of interest to be examined. The first responder at the scene may not be trained in Cell Phone Forensics, and may not have the necessary tools to perform a triage on the spot. Even though a first responder may not be trained in preserving digital evidence, most first responders know that documentation is very important at any incident they may encounter, thus the words document…document…document, must get burned into the first responders brain. Taking a picture of the cell phone, its screen, and any visible ports before deciding to cut the phone off or to faraday protect the phone is a reasonable and smart decision to make.

If the situation is that the first responder has access to a faraday cage, it is important to note that some models of iPhones have a metal exterior showing around the edges of the phone, and if you place a faraday article against the metal of the phone, instead of blocking the cellular signal, the result could be that you actually cause an antenna effect of the phone shell and boost the signal to the iPhone. It’s always good to have some way of isolating the phone from the actual faraday protectant, just in case this situation arises. If faraday protection isn’t an option, placing the iPhone in airplane mode will disconnect the phone from the network as well. It is important for the first responder to document and let the examiner know what state the iPhone will be arriving, so the examiner can reduce the chances that the data can be wiped from the user’s account at a later time by the User. These items conducted properly will allow the examiner to report the proper preservation of the data. The first responder and the examiner will be responsible in establishing a chain of custody to follow the cell phone from the time the cell phone is in possession, until the conclusion of the case.

Once in the lab the iPhone can be examined using a multitude of tools. The examiner needs to be aware of how a physical acquisition is obtained by understanding the iPhone iOS firmware tools which will assist in acquiring a bit by bit image of the target iPhone memory. Some tools will automatically execute commands to the phone while the phone is placed in DFU mode, in order to execute a temporary root which will allow for a bit by bit copy of the phone memory, then restore the iPhone back to its normal state without altering any data on the phone, such as process ran on products like Cellebrite and AccessData’s MPE+. Depending on the tools available, the examiner may have no other choice except to use multiple tools in order to acquire a physical image, then use a other tools to analyze the image. At times when Apple releases a new iOS and before the forensic software manufactures release their update to support the new iOS, the examiner may have no other choice other than to perform a jailbreak on the target iPhone in order to obtain a physical acquisition of a newly released update of the target iPhone. An experienced examiner that has been trained with the iOS developer tools and has a clear understanding of how different tools work with different iOS versions, can be well prepared for any challenges the examiner may face during the forensic examination of the iPhone.

To learn how Forensics can help your case, call for a FREE Consultation at: 336-298-1556

by

Android Forensics Greensboro NC

Private investigators Greensboro NC
Android Forensics Greensboro NC – Private Investigators Greensboro NC conduct Forensics on Android Cell Phones
Greensboro Private Investigators are on the cutting edge of technology with cell phone forensics and recovering deleted data. Advanced Technology Investigations, LLC in Greensboro, NC is certified in cell phone forensics and serves the Greensboro, High Point, and Winston Salem triad areas providing cell phone forensics services.

Android is a very popular operating system used in may smart phones. The Google Android operating system runs on an open source platform allowing users to set the phone up like they need it to work. Conducting forensics on an Android cell phone can be challenging in that each manufacture sets the operating system up with their own design to attract the users. A important step in retrieving deleted data from the Android is to gain “root” access to the developer level of the operating system to access system files for recovery, and keep the process forensically sound at the same time. There are many Forensic tools for acquiring the logical extraction of data that can be visually seen on the phone, which can be very important data to have for your case. Gaining root access with forensic tools can leave you with limited options due to the rapid upgrading of the Android operating system. Our Private Investigators in Greensboro, NC have some of the best forensic tools for gaining root access and getting you the most data possible for your case.

If you have a case in which you have a cell phone with the Android operating system and you want the most data possible for evidence in your case, then call our Greensboro lab at Advanced Technology Investigations, LLC at
336-298-1556 for a free consultation on how digital forensics can gain you valuable evidence in your case.

by

Deleted Text Message Recovery

Private Investigators Greensboro NC
Deleted text message recovery – Private Investigators in Greensboro North Carolina are Digital Forensics Investigators.
Cell Phones today hold substantial amounts of information. The information from our use these days’s smart phones can be saved on the Sim card, memory card, or the memory chime in the mobile phone. Even when data such as a text message is erased from the phone, a Certified Mobile phone forensics examiner can use a wide range of forensic tools to recover what the individual believed they damaged.

Advanced Technology Investigations, LLC is a Private Investigation Firm found in Greensboro, NC. Our Greensboro Private detectives are Certified in Digital forensics with mobile phone, computer systems, iPads, tablet computers, notebooks, and a lot of any digital device that hold data. Advanced Modern technology Investigations, LLC has a high tech forensics laboratory at our Greensboro workplace. Our Greensboro Private Investigators are certified and highly trained to use lots of approaches and devices to find proof in a wide range of Investigatory situations.

So where are the deleted text messages stored on the phone? The deleted data is kept in data source files that are not easily accessible to the user. Just forensics tools accustomeded properly by a skilled expert, such as our Greensboro Private detective could recover this type of removed data. There are lots of websites offering economical devices that mention their software program can recover removed text, but don’t be misleaded. Many of these online devices only support an extremely small number of mobile phone, and when the proof is not handled properly and not obtained appropriately you will certainly discover in Court that which you finished with these economical devices have actually now polluted your proof making it not able to be accepted in the Law court.

A lot of Client’s phone call me and claim, “My partner keeps their phone with them at all times, theres no way for me to obtain it to you.” A Cost-free Assessment with among our Highly educated Private detectives at our Greensboro laboratory will certainly give you options on the best ways to make the tough activity of seizing the phone possible in order to protect and recuperate the deleted data correctly for usage in the Court of law.

Advanced Technology Investigations, LLC is your one resource Private detective in Greensboro, NC for the most daunting job in your situation. Does your case need the aid of modern technology to discover proof? Call your Greensboro Private investigator today at 336-298-1556.

by

Apple iPhone Forensics and Deleted Data Recovery

Apple iPhone Forensics and Deleted Data Recovery – Advanced Technology Investigations, LLC is your Private detective in Greensboro, High Point, Winston Salem, and covering all North Carolina for Cell phone Forensics. Our Private detectives at our Greensboro laboratory provide services for acquiring information from smart phones for usage in legal cases. Mobile phone Forensics deleted data recovery requires specialized training and several various Forensic tools to achieve this job. Rest assure, if it can be done our Greensboro Private Investigation Company can do it.

One of my favored sort of cell phones to conduct Forensics on is the popular apple iphone. The iPhone could be quite daunting to pull information from, and at the very same time really gratifying to the Professional examiner when we are successful at obtaining the data, particularly the deleted information and information such as location information that can not be seen from any kind of area readable on the apple iphone.

Among the difficulties to the Digital Forensic Examiner with the phone is that Apple often updates its iOS

Private Investigators Greensboro NC
Private Investigators in Greensboro NC conduct Forensics on Apple iPhones.
where it could take some time prior to the Forensic tools can update to decrypt the brand-new operating system version. Keeping up with all the updates of working technologies and upgrading the Forensic devices is a weekly job that our Greensboro Exclusive Investigators/Digital Forensic Supervisors are tasked with in our Greensboro laboratory. One more challenge the Forensic Examiner encounters with getting data from the iPhone is just how the Individual has actually established the phone approximately operate, which services are turned on or triggered. The Individual may also use the phone like their personal computer by communicating thousands of contents, e-mails, telephone call, and app use in which regular deletion of information from the User could induce some of the data to be overwritten and perhaps unrecoverable.

I often have Clients inform me, I could not obtain the phone from the Subject to check out because they keep it with them continuously. Well, I have good information, Apple has the terrific fantastic software called iTunes that you could utilize to make a back-up of the iPhone information. The data backup data will be conserved to a folder in the program data of the pc where the data backup was made to. The next inquiry I generally obtain asked is, “can you obtain deleted data from a backup of the phone?” The answer is YES, but once more it will certainly depend on how the User has set the apple iphone up. So, since you’ve made a backup of the subject smartphone, where is the data backup documents discovered? Good inquiry, and the solution will certainly rely on the os version of the Windows or Apple pc the backup was carried out on. If this is a choice you would certainly such as to check out, simply give us a telephone call and one of our Specialist Digital Forensic Supervisor can offer you instructions on the best ways to copy this data backup documents to an exterior device and the best ways to properly handle and chronicle the evidence, until you can deliver it to our Digital Forensic Lab in Greensboro, NC.

If you have an iPhone that you think would certainly generate proof for your instance, then call Your one source Private detective in Greensboro, NC to assist you with all your Digital Forensic requirements at 336-298-1556.

Click for the BBB Business Review of this Detective Agencies in Greensboro NC

Top Private Investigator

Top Private Investigator in Greensboro