iPad2 Logical Acquisition: Automated or Manual Examination?

Author First name, Last name, Institution

Somaya Ali, Zayed University
Sumaya AlHosani, Zayed University
Farah AlZarooni, Zayed University
Ibrahim Baggili, University of New Haven

Document Type

Conference Proceeding

Source of Publication

ADFSL Conference on Digital Forensics, Security and Law, 2012

Publication Date

5-30-2012

Abstract

Due to their usage increase worldwide, iPads are on the path of becoming key sources of digital evidence in criminal investigations. This research investigated the logical backup acquisition and examination of the iPad2 device using the Apple iTunes backup utility while manually examining the backup data (manual examination) and automatically parsing the backup data (Lantern software automated examination). The results indicate that a manual examination of the logical backup structure from iTunes reveals more digital evidence, especially if installed application data is required for an investigation. However, the researchers note that if a quick triage is needed of an iOS device, then automated tools provide a faster method for obtaining digital evidence from an iOS device. The results also illustrate that the file names in the backup folders have changed between iOS 3 and iOS 4. Lastly, the authors note the need for an extensible software framework for future automated logical iPad examination tools.

First Page

113

Last Page

128

Disciplines

Computer Sciences

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Recommended Citation

Ali, Somaya; AlHosani, Sumaya; AlZarooni, Farah; and Baggili, Ibrahim, "iPad2 Logical Acquisition: Automated or Manual Examination?" (2012). All Works. 2152.
https://zuscholars.zu.ac.ae/works/2152

Indexed in Scopus

no

Open Access

yes

Open Access Type

Gold: This publication is openly available in an open access journal/series