Sunday, August 14, 2011

Impressions: iPhone and iOS Forensics

The third forensics book in this batch is iPhone and iOS Forensics (IAIF) by Andrew Hoog and Katie Strzempka. This book is similar to iOS Forensic Analysis: for iPhone, iPad, and iPod touch by Sean Morrissey, in the sense that neither book is as strong as I might have hoped. Oddly enough, the aspects of Morrissey's book that were most compelling (like his overview of the various i-devices and attention to each of them) are weaker in IAIF.

I found IAIF to be a little confusing in its approach, with a lack of rigor around discussing iPhone vs. other platforms. I felt the authors should have either focused on one platform or given all of them equal attention. I also disliked the mixing of what seemed to be jailbroken and non-jailbroken content. I prefer for forensics books to avoid using jailbreak techniques where possible, but it would have been helpful for the authors to be very clear where and why they use such methods.

Chapter 4 was supposed to cover security, but it was overall very disappointing. Chapter 6 probably has the core data of interest to a forensic investigator, namely where to find certain types of evidence (email, Web history, etc.) and how to get it. This is the sort of data missing from the Xbox book I just addressed.

I liked the material on downgrading iOS on a phone, but didn't like reading about basic Linux information in chapter 1. That should have been in an appendix.
