Book Review: iPhone and iOS Forensic: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices

Hoog, A., and Strzempka, K. (2011).  iPhone and iOS Forensic: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices. Syngress, Elsevier, xv + 310 pages; ISBN-10: 1597496596; ISBN-13: 978-1597496599, $69.95 Reviewed by Simson Garfinkel, Naval Postgraduate School In April 2011 news outlets around the world revealed shocking news about Apple’s iPhone: for reasons that were not apparently clear, every iPhone contained a small SQLite database that logged where and when the user had been whenever the phone was turned on, and those records went back for pretty much as long as the user had owned their phone. Apple eventually declared that the data cache was the result of a bug and issued a software update to prune the database (it had previously grown without limit). Privacy activists rejoiced that their beloved iPhones were once again trustworthy. But forensics examiners just shook their heads: many had known about the iPhone’s tracking capabilities for more than a year and had kept quiet. They had made good use of that data. Apple’s pro-privacy patch was actually a setback for law enforcement. (see PDF for full review)