Friday, August 23, 2019
SSDD Forensics Issues - Essay Example
The logical acquisition approach is based on acquiring a logical bit-by-bit copy of the directories and various types of files (address files) found within the iPhone file system. Physical acquisition, by contrast, implies a bit-by-bit copy of an entire physical store (e.g., a memory chip).

Logical backups are considered a rich source of data files that can help build evidence. They can also provide proof of the pairing relationship between the iPhone and the computers that have previously been synced with it, if such a computer was seized as part of the investigation.

A physical acquisition has the advantage of allowing deleted files and data remnants to be examined. Physical extraction acquires information from the device by direct access to the flash memories. Generally, this is harder to achieve because the device vendors need to secure against the arbitrary reading of memory so that a device may be locked to a certain operator.

The name of the backed-up folder is a long combination of forty hexadecimal numbers and characters (0-9 and a-f) and represents a unique identifier for the device from which the backup was obtained. This unique identifier appears to be a hashed value, since iTunes gave the backed-up folder the same unique name on both Mac and Windows operating systems. Within this folder reside hundreds of backup files with long hashed filenames consisting of forty numbers and characters. These filenames signify a unique identifier for each set of data or information copied from the iPhone memory.

Backed-up data is stored in three file formats: plist files, which store data in plaintext format; mddata files, which store data in a raw binary format; and info files, which store encoded metadata of the corresponding binary mddata files. Figure 3 shows the Backup folder containing the backed-up files. Generally, the iPhone file system stores data in binary
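The folder layout described above can be checked mechanically during triage. The following Python sketch is an added example, not code from the essay: it inventories a backup folder read-only, confirms the forty-character hexadecimal naming, and lists mddata files that lack a matching info file (or the reverse). The `.mddata` and `.mdinfo` extensions, the function names and the sample file names are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

HEX40 = re.compile(r"[0-9a-f]{40}")
# Assumed extensions for the three formats the essay names ("info" -> .mdinfo).
KINDS = {".plist": "plist", ".mddata": "mddata", ".mdinfo": "info"}

def inventory_backup(folder):
    """Summarise one backup folder without modifying any evidence file."""
    folder = Path(folder)
    counts = {kind: 0 for kind in KINDS.values()}
    stems = {"mddata": set(), "info": set()}
    unexpected = []
    for entry in sorted(p for p in folder.iterdir() if p.is_file()):
        kind = KINDS.get(entry.suffix)
        if kind is None:
            unexpected.append(entry.name)      # not one of the three formats
            continue
        counts[kind] += 1
        if kind in stems:
            if HEX40.fullmatch(entry.stem):
                stems[kind].add(entry.stem)
            else:
                unexpected.append(entry.name)  # name is not forty hex characters
    return {
        "device_id_ok": bool(HEX40.fullmatch(folder.name)),
        "counts": counts,
        # Binary data with no metadata, or metadata with no data, needs a closer look.
        "unpaired": sorted(stems["mddata"] ^ stems["info"]),
        "unexpected": unexpected,
    }

def build_sample(root):
    """Create a constructed backup folder (fabricated names, empty files)."""
    backup = Path(root) / ("ab12" * 10)        # forty hex characters
    backup.mkdir()
    for name in ("Info.plist", "0f" * 20 + ".mddata", "0f" * 20 + ".mdinfo",
                 "3c" * 20 + ".mddata", "notes.txt"):
        (backup / name).touch()
    return backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inventory_backup(build_sample(tmp)))
```

Run it against a working copy of the seized backup rather than the original evidence, and record the output alongside the acquisition notes.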