/ BOOK REVIEWS
The authors do a great job of stepping through each chapter and explaining techniques in a way that is easy to understand. The section of the book that helped me most professionally was section five, Creating a Complete Forensic Toolkit, which explains exactly how to create a bootable toolkit that will not alter data on the host system. On the whole, this book provides a consistent introduction to a wide array of IT forensics topics. One topic that feels incomplete, however - perhaps because of the book’s vintage - is Mobile Device Forensics. There is no information on mobile phones and MP3 players. That is an isolated shortcoming, however. The book introduces and discusses many of the tools that are widely used in the field, and its screenshots are helpful in illustrating sample output from tools. In my opinion “Real Digital Forensics: Computer Security and Incident Response” is a great resource for any forensic investigator.

iPhone Forensics
Recovering Evidence, Personal Data & Corporate Assets

Author: Jonathan Zdziarski
Publisher: O’Reilly
Date of Publication: 17 September 2008
Price: £30.99 (UK), $39.99 (USA)
ISBN: 978-0-596-15358-8
Reviewer: Tony Campbell

I love my iPhone and so should you (he says in a monotone, robotic voice). But, the real question is, am I just another Apple fanboy, brainwashed by Steve Jobs’ celebrity industry presence and marketing genius? Or have I really made a buying decision based on the facts? It’s true that the iPhone is probably the sexiest piece of kit in this arm of the Milky Way, but is there something lurking under the glitzy hood, that could rise up and bite us in the proverbial “you know what”?

Whether you are an individual or an organisation (and on whatever side of the law you happen to operate), you’ll need to know exactly how much risk you are taking when you do business on your iPhone. How secure is your data and, forensically, how many of your daily activities, transactions and communications are accountable in the eyes of the law?

So, how do you dig into Apple’s prizewinning marrow while donning the cap of the forensics investigator? That’s the easy part: pick up a copy of Jonathan Zdziarski’s iPhone Forensics, published by O’Reilly Media, and you’ll see exactly what’s going on beneath the glossy veneer. This book is a great technical companion for computer forensics guys who have a need (or a calling) to dig into the iPhone platform. True, it’s a very short book with a high price point (just 113 pages of technical content for £30.99), so the real proposition is pitched in terms of technical punch rather than kilograms of rainforest.

The foreword, written by the enigmatic John T Draper (Cap’n Crunch), sets the scene for the rest of the book, showing that it’s fairly easy for investigators to get a bucket load of valuable data from the iPhone as long as they know where to look.

Zdziarski kicks off with a great introductory chapter that takes us through the rules of evidence collection and good forensic practice, before launching into the technical chapters. Even if it is aimed primarily at the newbie investigator, this introduction gives the book a nice, well-rounded feel.

Chapters 2 and 3 cover the basics of understanding the iPhone architecture and how to gain access to the underlying system. These chapters are invaluable and written in an easy to follow style, but quickly get you to the stage where you are looking at the iPhone device with its pants pulled well and truly down. Zdziarski then spends the next three chapters focusing on the forensic recovery of data, and analysing a whole bunch of interesting tools, such as Foremost and Scalpel. He then launches into e-discovery where he details techniques for finding evidence inside iPhone database files (SQLite) and XML property lists (these contain items such as cookies, account details, and Safari browsing history).

Chapter 6 ties the iPhone forensic investigation to the desktop PC, describing tools and techniques for pairing evidence between the two platforms. Finally, Chapter 7 cuts to the chase and explains in terms of specific kinds of investigation (and real-life cases) which information is the most useful, and how it would be presented in court.

This book is an excellent resource for any computer forensics investigator. I recommend buying it, and also registering on O’Reilly’s website for their up-to-date iPhone Forensics Data Recovery Training and listening to some of the webcasts by Jonathan Zdziarski himself. For more information on these resources, see http://search.oreilly.com/?q=iphone+forensics/.