As Apple guys and forensics experts we are constantly aware of the legendary iPhone
We have them ourselves (and love them) and we are aware of the challenge they pose to the law enforcement community. The technology on both sides of the "argument" are constantly changing and we try to tread the fine line between our loyalties to Apple Inc and the needs of the forensics and e-discovery community with regards to the iPhone
Since iPhoneSIMfree became available to the public, the hacker group known as the iPhone Dev Team have been looking into how the iPhoneSIMfree hack works. What they worked out was that it is possible to write/flash the baseband of the iPhone (the chip that controls the voice and system functions). Geohot resorted to hardware hacking because it was believed that writing to the baseband was not possible.
With the release of iPhoneSIMfree they have seen that it is in fact possible and now the iPhone Dev Team is working to do the same. They will be releasing this unlocker for free once it's ready.
If you would like to automatically extract iPhone information that has been stored on your suspect's computer then MacLockPick simplifies this to a "hands off" automated procedure. Information collected includes (but is not limited to) the following:
- Incoming and Outgoing Phone calls including phone number, duration, date, and time.
- Incoming and Outgoing SMS messages including the phone number or name of the third party, the message content, and the date and time of the message.
- IMEI - The International Mobile Equipment Identity is a number unique to every GSM and UMTS mobile phone as well as some satellite phones. It is usually found printed on the phone underneath the battery. The IMEI number is used by the GSM network to identify valid devices and therefore can be used to stop a stolen phone from accessing the network.
- TMSI - The "Temporary Mobile Subscriber Identity" is the identity that is most commonly sent between the mobile and the network. TMSI is randomly assigned by the VLR to every mobile in the area, the moment it is switched on. The number is local to a location area, and so it has to be updated, each time the mobile moves to a new geographical area.
- IMSI - An International Mobile Subscriber Identity is a unique number associated with all GSM and UMTS network mobile phone users. It is stored in the SIM inside the phone and is sent by the phone to the network. It is also used to acquire other details of the mobile in the Home Location Register (HLR) or as locally copied in the Visitor Location Register. In order to avoid the subscriber being identified and tracked by eavesdroppers on the radio interface, the IMSI is sent as rarely as possible and a randomly-generated TMSI is sent instead.
- International Roaming Edge Status - Whether the phone is currently set to roam status.
- Favorites - Speed dial entries including the name and phone number.
- Safari State Documents - Pages currently open in the browser.
- Safari History - Pages viewed in the browser.
- Safari Bookmarks - All pages book marked.
- Notes recorded in the notes program.
- Address Book contacts, including all recorded details for each contact.
- Mail Accounts setup for synchronization.
A MacLockPick Reader log file view on Apple Mac OS X
Showing SMS logs captured from Apple iPhone records
For more information on how MacLockPick can be used in field triage, eDiscovery, and digital forensics with the Apple iPhone please click here.