iPad2 Logical Acquisition: Automated or Manual Examination?

Author First name, Last name, Institution

Somaya Ali
Sumaya AlHosani
Farah AlZarooni
Ibrahim Baggili

Document Type

Article

Publication Date

5-30-2012

Abstract

Due to their usage increase worldwide, iPads are on the path of becoming key sources of digital evidence in criminal investigations. This research investigated the logical backup acquisition and examination of the iPad2 device using the Apple iTunes backup utility while manually examining the backup data (manual examination) and automatically parsing the backup data (Lantern software automated examination). The results indicate that a manual examination of the logical backup structure from iTunes reveals more digital evidence, especially if installed application data is required for an investigation. However, the researchers note that if a quick triage is needed of an iOS device, then automated tools provide a faster method for obtaining digital evidence from an iOS device. The results also illustrate that the file names in the backup folders have changed between iOS 3 and iOS 4. Lastly, the authors note the need for an extensible software framework for future automated logical iPad examination tools.

First Page

113

Last Page

128

Disciplines

Computer Sciences

Recommended Citation

Ali, Somaya; AlHosani, Sumaya; AlZarooni, Farah; and Baggili, Ibrahim, "iPad2 Logical Acquisition: Automated or Manual Examination?" (2012). All Works. 2152.
https://zuscholars.zu.ac.ae/works/2152

Indexed in Scopus

no

Open Access

no