In today’s edition, the long-dormant Reliance Forensics blog starts anew, serving both the legal and forensic communities with regular updates. While working client engagements and conducting trainings in the past year has given us invaluable substantive experience that we can share, it hasn’t left a lot of time for blog writing. Look for more regular updates going forward, and deeper dives into various topics of interest at the intersection of law and digital forensics. Until then:
iPhones: Still Good Data, Still Tough To Crack
We (I believe we can speak for the forensics community collectively) still can’t get past the passcodes on the latest iPhones with a few ever-fleeting exceptions. Apparently, neither can Apple, as they told a federal court in Brooklyn back in October. And even on older iPhones or other types of smartphones, legal attempts to obtain passcodes have been met with hurdles. See, e.g, the SEC’s case against Bonan and Nan Huang ( though as of the date hereof I understand the SEC settled with the former and obtained a jury verdict against the latter).
If you’re looking to access data on a newer iPhone that is locked, the best options are to try to find an iCloud backup (if you have the credentials and proper authorization), or an iTunes backup on a computer into which the iPhone has been plugged (Mac, Windows, doesn’t matter). Many times users have these iTunes backups and don’t even realize it, as they are stored in a location on the computer hidden to the user. They can often be processed for most user data, including some deleted data, just as if we had the original device.
Along those lines, forensic examiner Devon Ackerman recently posted to LinkedIn regarding the forensics possible on various versions of the iPhone by operating system. As this has been very much a moving target, I hope it can be maintained. The current version is linked here.
Law Review Note on Digital Duplications
Harvard’s Law Review recently published a student note regarding digital duplications and their implications in light of the 4th Amendment. Kudos to Professor Orin Kerr (@OrinKerr) for tweeting this and bringing it to our attention. Incidentally, if you are on Twitter and care about the intersection of technology and the law, Professor Kerr oftentimes has very interesting, and pertinent, things to say on the subject. I used his textbook in teaching my own law school course on cybercrime.
Cellebrite Mobile Forensics Training
I recently wrote a piece on ForensicFocus.com discussing the core training curriculum for Cellebrite’s mobile forensic equipment and software. It can be found here. Regardless of the vendor, good mobile forensics equipment is a significant investment. We’ve found the training to be an invaluable resource that allows a far deeper dive into the data than would have been possible otherwise.