iOS Forensics Cookbook was written by Bhanu Birani and Mayank Birani with the aim of providing a resource to help forensic practitioners to handle and extract data from iOS devices.
It is important to note that this book is aimed at people who already have a significant level of technical knowledge. While it does explain where data are stored, for example, it does so only in brief and as part of practical exercises. Anyone who has a low level of familiarity with the subject or is put off by the idea of reading through lines of code will have difficulty understanding the majority of this book.
The book is divided into three main sections. The first part helps investigators to understand which data can be extracted from applications using Xcode, where they are stored on iOS devices, and the format in which the data are stored. Although the first chapter begins with a fairly high-level explanation of document directories and talks through path retrieval in a step-by-step manner, it dives into coding early on and the explanations from then on tend to assume a higher level of knowledge.
Considering the huge amount of code contained within the book, it would probably make sense to read it in ebook format rather than as a hard copy – this would enable the reader to copy and paste lines of code, rather than having to rely on a lack of human error in transcription. The code can also be downloaded from the publisher’s website.
Once the core data have been saved, the authors move on to talk about social media integration; specifically, Twitter, Facebook, LinkedIn and Instagram. While it was interesting to see how the social networks could be integrated into the app, I struggled to see the specific relevance to iOS forensics, as the only things that could be achieved after integration involved controlling a personal profile, rather than extracting bulk data, for example. In fact, this is something I found throughout the book; the ‘Forensics Recovery’ and ‘Forensics Tools’ chapters are located at the very end of iOS Forensics Cookbook, which made it seem as if the title were something of a misnomer.
In chapter three, we come up against a similar obstacle. The book is very much written from the perspective of an application developer who wants to create an app, install it on iOS devices, integrate it with social media platforms, and gain analytics on users. There is very little that would be of use to the average digital forensic investigator before the penultimate chapter.
The third chapter focuses on data analytics; specifically Google, Flurry and Mixpanel. It talks through how to analyse app usage and generate statistical data from the results. Chapter four deals with app testing and distribution, including dealing with bugs – a subject which is expanded upon in chapter five, fittingly entitled ‘Demystifying crash reports’.
As mentioned, the forensics part of iOS Forensics Cookbook begins in chapter six. Unlike the rest of the book, this chapter assumes no prior knowledge of its subject area, beginning with a basic introduction to file systems. It talks about the increasing levels of encryption being added to each iOS version and then discusses extracting data from iTunes backups.
The final chapter talks about how to use forensic tools to extract data. While the amount of information it covers is impressive, with a foray into jailbreaking at the very end of the book, it does not dive deep into any of the tools. Instead, it goes through how to use each of them in a kind of “push-button” explanation. While this may be helpful for simple data extraction, it is probably not the best way to explain such techniques to forensic investigators who may have to defend their understanding of the inner workings of the tools they are using in court.
In summary, therefore, iOS Forensics Cookbook seems to be more of an application developers’ handbook with a couple of high-level forensics chapters tagged on the end. It is a good book for the technical user who wants to develop apps, integrate them with various other resources, and perform simple data extraction when something goes wrong. However, it is probably not recommended to those who require a deeper look at forensics techniques themselves.
But, if you’re a forensic investigator who wants to develop their own apps, by all means give it a try!
iOS Forensics Cookbook is written by Bhanu Birani and Mayank Birani and is published by Packt.
This is an affiliate link, which means that if you buy the book after clicking on it, I will receive a percentage of the sale price. The book will be the same price whether you buy it through my link or by searching on Amazon. I received a review copy of this book from the publisher. All opinions are my own.