Saturday 2 November 2013

iOS anti-forensics: How can we securely conceal, delete and insert data?


In fulfilment of the requirements for the degree of M.Sc. (Cyber Security and Forensic Computing), I have conducted research on the under-studied area of anti-mobile forensics and formulated three novel techniques: a “Concealment” procedure to enhance the security of non-protected data that is at rest on iOS devices, a “Deletion” procedure to prevent data recovery from iOS devices, and an “Insertion” procedure to surreptitiously implant false evidence into iOS devices. Findings were accepted for publication by the Hawaii International Conference on System Sciences (HICSS 2014) (ERA A Rank):

D’Orazio C, Ariffin A and Choo K-K R 2014. iOS anti-forensics: How can we securely conceal, delete and insert data? In 47th Annual Hawaii International Conference on System Sciences (HICSS 2014), 6–9 January 2014, IEEE Computer Society Press [In press].

This publication can be accessed via http://ssrn.com/abstract=2339819.

Figure 1 shows how the "Concealment" and "Deletion" procedures affect the decryption of files on iOS devices.

Figure 1

Both procedures generate the results illustrated in Figure 2.


Figure 2

The difference between "Concealment" and "Deletion" is that the latter is irreversible. Thus, the concealment procedure may be appropriate for users who want to store private or sensitive information on iOS devices in such a way that it cannot be recovered with digital forensic techniques (e.g., if the device is stolen or misplaced) while they themselves can still retrieve it. The deletion procedure, on the other hand, becomes important when the aim is to definitively thwart a criminal investigation, since the data can no longer be recovered by anyone.
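The reversible-versus-irreversible distinction is easiest to see on a small model of the storage layout the procedures operate on. The following is an added illustration, not the procedure from the HICSS 2014 paper (this page does not describe the paper's mechanism). It assumes an iOS-style layout in which each file is encrypted under its own random file key, and that file key is kept in the file's metadata wrapped under a class key that a forensic tool can obtain from the device (as is the case for files in the "None" protection class). The names `create_file`, `forensic_decrypt`, `conceal`, `reveal` and `delete` are mine; the cipher is a SHA-256 counter-mode keystream standing in for AES purely so the script runs with the standard library.

```python
"""
Toy model of reversible "concealment" versus irreversible "deletion" of a file
protected by a per-file key wrapped under a class key.  Added illustration;
not the authors' procedure.  The keystream cipher below stands in for AES only
so that the script runs with the Python standard library; do not reuse it.
"""
import hashlib
import hmac
import os


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || block counter).
    Applying it twice with the same key restores the input."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def create_file(class_key: bytes, plaintext: bytes) -> dict:
    """Store a file the way the model's data-protection layer would:
    random per-file key, ciphertext under it, the file key wrapped under the
    class key in the metadata, plus an integrity tag so that a decryption
    attempt with the wrong key is detected rather than returning garbage."""
    file_key = os.urandom(32)
    return {
        "ciphertext": keystream_xor(file_key, plaintext),
        "wrapped_key": keystream_xor(class_key, file_key),  # metadata field
        "tag": hmac.new(file_key, plaintext, "sha256").digest(),
    }


def forensic_decrypt(class_key: bytes, record: dict):
    """What an examiner holding only the class key can recover from a record:
    the plaintext, or None when the unwrapped file key turns out to be wrong."""
    file_key = keystream_xor(class_key, record["wrapped_key"])
    plaintext = keystream_xor(file_key, record["ciphertext"])
    expected = hmac.new(file_key, plaintext, "sha256").digest()
    return plaintext if hmac.compare_digest(expected, record["tag"]) else None


def _user_key(user_secret: bytes) -> bytes:
    # Hypothetical key held by the owner only; a real design would use a
    # proper password KDF rather than a single hash.
    return hashlib.sha256(b"conceal-kdf" + user_secret).digest()


def conceal(record: dict, class_key: bytes, user_secret: bytes) -> None:
    """Concealment: re-wrap the file key under a key the device does not hold.
    The ciphertext is untouched, so the step is reversible by whoever knows
    user_secret, but the record is opaque to a tool that only has the class key."""
    file_key = keystream_xor(class_key, record["wrapped_key"])
    record["wrapped_key"] = keystream_xor(_user_key(user_secret), file_key)


def reveal(record: dict, class_key: bytes, user_secret: bytes) -> None:
    """Inverse of conceal(): put the file key back under the class key."""
    file_key = keystream_xor(_user_key(user_secret), record["wrapped_key"])
    record["wrapped_key"] = keystream_xor(class_key, file_key)


def delete(record: dict) -> None:
    """Deletion: overwrite the only stored copy of the wrapped file key.
    The ciphertext may still be carved from flash, but no key exists any more
    to decrypt it, so nobody, owner included, can undo the step."""
    record["wrapped_key"] = os.urandom(32)


if __name__ == "__main__":
    class_key = os.urandom(32)          # stands in for the device's class key
    rec = create_file(class_key, b"private note")
    print("original :", forensic_decrypt(class_key, rec))
    conceal(rec, class_key, b"owner passphrase")
    print("concealed:", forensic_decrypt(class_key, rec))
    reveal(rec, class_key, b"owner passphrase")
    print("revealed :", forensic_decrypt(class_key, rec))
    delete(rec)
    print("deleted  :", forensic_decrypt(class_key, rec))
```

The point the model makes is that both procedures leave the ciphertext in place and act only on the key material: concealment moves the file key out of the examiner's reach but keeps it recoverable, whereas deletion destroys it, which is why the latter cannot be reversed even by the device owner.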

Friday 1 November 2013

A new beginning

Hi everyone,

This short post is just to clarify the purpose of this blog.
 
Since the end of 2001, I have been actively researching and writing tutorials about Reverse Engineering. It started as a hobby, which turned into a pathway to conducting extensive research on Digital Forensics for an important Spanish agency. To be more precise, I worked on decoding several proprietary data storage formats to develop software applications for the recovery of erased data contained on mobile phones, which substantially helped to extract incriminating evidence from forensic copies.

Thanks to those tutorials, which I used to publish, I was contacted by the aforesaid agency and my career in Mobile Phone Forensics began. The important takeaway message is that your presence in the cyber world matters and can open doors. However, a constant lack of time has essentially prevented me from bringing my work to the cyber community over the last few years. Although, as a security consultant, I continue to actively reverse software under simulated attacks for companies that want to harden their applications, writing detailed, step-by-step tutorials is a time-consuming task that, unfortunately, I can no longer pursue.

So, in order to maintain my presence and let people know about my work, I have instead decided to start a blog focused on discussing digital forensics and security-related topics in general, which in theory should be less demanding. Thus, this blog covers a wide range of disciplines rather than just Reverse Engineering. I hope you enjoy it and become a regular visitor.

CJ