Are Mistaken. Ftk Imager For Mac
How do I mount my iphone to look at it's files forensically? I have FTK Imager (the only free program I could find) but it doesnt mount it as a drive and I can't seem to take a forensic image of the iphone.
Ftk Imager Download Windows
Xlag 2.0 for mac. I am looking to get the cell tower logs (Cells.plist) file and I cant find a program or method to do it. The phone is not jailbroken and I do not want to do so. I have tried FTK on the windows PC with no luck.
I have tried many things on my mac but no dice. Moreover, I cant seem to get the iphone to display in 'devices' on the mac either (although the Iexplorer program works but just not accessing the real good files). What am I not understanding here? Is there a way to take an image of the iphone itself (and not just its storage partition)?
Edit: Tools like Oxygen, AccessData, Encase, etc supposedly allow the more in depth analysis (such as the cell tower logs) but I cannot find a solution that is not thousands of dollars! Also, Oxygen has a 'free' version but that only allows access to the crap you can find with Iexplorer anyway. You can try with iFunBox or iExplorer, but the really juicy stuff isn't available that easily. Most forensic tools go through a process which involves having the iPhone do a backup through iTunes, and then the tool will analyze the files stored in the backup. Without having forensic tools available, you can try one of many tools like this: This will let you browse the files inside the backup. Realize that everything might not be available because Apple is the gatekeeper.
Accessdata Ftk Imager
They decide what files to stuff into the backup. Edit: You cannot think about an iOS device as a drive.
Android works as a drive because its design allows for us to grab a drive image. IOS is designed to only allow you access to what they decide you should. There are many forensic tools that support physical acquisition. (see the chart at bottom) (statements at bottom) (expand support section at bottom) All of these tools have exceptions that state you cannot acquire a 4S or newer. There is an exploit in the non-updatable bootloader code on the 4 that allows physical acquisition, otherwise it would be a no-go as well. You can read through Apple's security design and see why we have such difficulties.
The iTunes backup is the most forensicly sound method of acquiring data from iOS because it uses the phone to do what it is programmed to do naturally. I havent tried this one yet, but I will. My question is really what are those forensic tools. I know how to do forensic examinations on all sorts of other 'drives' (to include android) but I am simply having difficulty in attaching IOS in any meaningful way to a traditional forensic imager (like FTK). Another way to approach this question would be to essentially ask how someone actually developed the jailbreak hack -that is, how did they gain access to the root level on a locked device?
– Apr 14 '14 at 15:35. I understand the supply and demand model of these tools but I do not understand why it is so difficult to simply 'take an image' of the iphone.
It is physically here and attached. Are the tools that can do it simply using some proprietary secret method of accessing the files? All I am looking for is to get the image of the iphone, I will do the examination myself. Similar to FTK and AccessData, the paid tools simply make it easier to do analysis.
They do not actually block you from doing it yourself. – Apr 14 '14 at 16:53.