iPhone Forensic Acquisition

iXAM® was designed to overcome the inadequacies of "Jailbreak" tools and methods and provide the forensic practitioner with an extraction tool which is able to securely image these devices.

 

Key features include:

• Non-invasive data extraction:
No software is installed on the device, and no residue is left after imaging is complete. The solution is therefore suitable for covert use.

 

• Radio ( RF) Isolation:
Whilst in acquisition mode, the device is unable to connect to any external networks, be they GSM, UMTS, Bluetooth or Wi-Fi.

 

• USB Cable download:
Unlike many solutions, which rely on Wi-Fi communications to download data from the device, iXAM® connects via the manufacturer’s standard USB cable.

 

• Secure extraction:
iXAM® conducts forensic imaging in blocks, each of which is verified by CRC. Once verified correct, software either on the device or the workstation hashes each block into an overall volume hash (MD5, SHA1 or both). Once the download is completed, the acquisition hashes are used to verify the integrity of the downloaded files.

 

• Encryption cracking:
Where the email database and physical disk are encrypted on Apple devices utilising iOS 4.0>, iXAM® is able to break down, access and report this information.

 

• Flexibility:
Downloads can be paused and resumed at a later date, or even moved from one workstation to another before resumption, without interrupting the volume hashing process.

 

• Audit trails:
iXAM® maintains an XML log file of all actions performed during the download process. This log includes device identification data (i.e. device model, software version, serial number, IMEI, internal date & time), and is suitable for presentation in evidence.