Digital Forensic Analysis on iDevice : Jailbreak iOS 12.1.1 as a Case Study

Authors

  • Amin Aenurahman Ali
  • Niken Cahyani
  • Erwin Jadied

DOI:

https://doi.org/10.34818/INDOJC.2019.4.2.349

Abstract

Jailbreak has an issue in data alteration, as it modifies file(s) in the device to allow user to extract more data than without jailbreaking. This issue raises controversy of the use of jailbreaking in digital forensic investigation, as data integrity is a prominent requirement in a court proceeding. This study aims to analyze the process of jailbreak, what is actually done by the jailbreak code in a device, and what data is actually modified by the jailbreak code. By using the latest version of iOS system, this study uses the voucher_swap exploit as a representation of semi-tethered jailbreaking method to investigate the effects of jailbreak on data integrity on a idevice. The investigation is conducted based on to what extent data can be extracted from the jailbreak device, hash value comparison of the data, and source code analysis to scrutinize the effect of jailbreak to the system and user data inside the device. Results of this study suggest that jailbreak is acceptable to prepare idevice in digital forensic investigations to acquire more data, as it maintains the integrity of user data. These results may help forensic communities in their decision about the acceptability of jailbreaking in idevide forensic investigations.

Downloads

Download data is not yet available.

References

S. D. Natalie Kerris, "Apple Reinvents the Phone with iPhone," Apple, 9 January 2007. [Online]. Available: https://www.apple.com/newsroom/2007/01/09Apple-Reinvents-the-Phone-with-iPhone/. [Accessed 5 November 2018].

Apple, "About the security content of iOS 12.1.1," Apple, April 03 2019. [Online]. Available: About the security content of iOS 12.1.1. [Accessed 20 May 2019].

Elcomsoft, "Elcomsoft iOS Forensic Toolkit," Elcomsoft, [Online]. Available: https://www.elcomsoft.com/eift.html. [Accessed 12 November 2018].

D. R. S. Priyank Parmar, "Logical acquisition of iPhone without Jail Breaking," IJSRST, vol. 4, no. 9, pp. 2-3, 2018.

K.-C. T. Y.-C. T. S.-J. W. Ya-Ting Chang, "Jailbroken iPhone Forensics for the Investigations and Controversy to Digital Evidence," Journal of Computers, vol. 26, pp. 21-23, 2015.

A. o. C. P. Officers, "ACPO Good Practice Guide ACPO Good Practice Guide for Digital Evidence," March 2012. [Online]. Available: https://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf. [Accessed 4 April 2018].

K.-s. L. C. C. Y. W. Feng Liu, "Research on the technology of iOS jailbreak," in Sixth International Conference on Instrumentation & Measurement, Computer, Communication and Control, Hefei, China, 2016.

Packt, "iOS boot process and operating modes," [Online]. Available: https://subscription.packtpub.com/book/networking_and_servers/9781783553518/3/ch03lvl1sec23/ios-boot-process-and-operating-modes. [Accessed 20 November 2018].

InteliPaat, "iOS Architecture," [Online]. Available: https://intellipaat.com/tutorial/ios-tutorial/ios-architecture/. [Accessed May 2019].

S. Bhardwaj, "Core OS Layer in iPhone," 14 March 2013. [Online]. Available: https://www.c-sharpcorner.com/UploadFile/d49768/core-os-layer-in-iphone/. [Accessed 27 May 2019].

J. Levin, Mac OS X and iOS Internals, Indianapolis: John Wiley & Sons, Inc., 2013.

J. Zdziarski, "iOS Forensic Investigative Methods," May 2013. [Online]. Available: https://www.zdziarski.com/blog/wp-content/uploads/2013/05/iOS-Forensic-Investigative-Methods.pdf. [Accessed 22 January 2019].

Apple, "Apple File System Reference," 7 February 2019. [Online]. Available: https://developer.apple.com/support/apple-file-system/Apple-File-System-Reference.pdf. [Accessed 18 March 2019].

Scar, "Jailbreaking iOS 11 And All Versions Of iOS 10," 30 March 2018. [Online]. Available: https://articles.forensicfocus.com/2018/03/30/jailbreaking-ios-11-and-all-versions-of-ios-10/. [Accessed 28 December 2018].

Electronic Frontier Foundation, "Unintended Consequences: Fifteen Years under the DMCA," March 2013. [Online]. Available: https://www.eff.org/id/pages/unintended-consequences-fifteen-years-under-dmca. [Accessed 5 November 2018].

B. Azad, "Affect voucher_swap to Data Integrity," in email, 2019.

Downloads

Published

2019-09-09

How to Cite

Ali, A. A., Cahyani, N., & Jadied, E. (2019). Digital Forensic Analysis on iDevice : Jailbreak iOS 12.1.1 as a Case Study. Indonesian Journal on Computing (Indo-JC), 4(2), 205–218. https://doi.org/10.34818/INDOJC.2019.4.2.349

Issue

Section

Computer Science