iPhone stymies forensic scientists

Computer forensic scientists are intrigued and dismayed by the iPhone, Wired reports. The article cites Derrick Donnelly, chief technology officer of Blackbag Technologies, which specializes in Apple forensic solutions.
Written by Richard Koman, Contributor

Donnelly said the iPhone is an especially rich device for police. "There is more information in there than your average cell phone," he said. "The ease of use lends itself to more use … and more use creates more artifacts."

The iPhone's web, e-mail and phone functionality -- combined with its 4- or 8-GB storage capacity -- means it can serve as a window into the personality, lifestyle, social circle and actions of the user. "Even though there might not be a smoking gun right in there," explains Donnelly, "a lot of these smaller pieces could add up to a bigger piece that could lead you to further evidence."

Donnelly is a rarity in the forensics business - a Mac specialist. "To know the iPhone is to know the Mac or vice versa," explains Donnelly. "Because it's a different file system and a different operating system, right off the bat the things you're usually looking for are not in the same places and they are in a very, very different format."

The problem is that merely by turning the device on, forensics pros could be altering the stored data. That might give a jury reasonable doubt about whether the offered evidence was changed by the investigation. But even Mac experts like Donnelly are struggling with how to get the data off the iPhone's closed system without altering it by turning on the device.

Currently, the iPhone is not compatible with existing forensic software and data-extraction systems. Forensic experts may be left with old-school techniques like photographing data as it is displayed on the screen itself -- as if it were a yellow-taped crime scene.

Or they can hope to find a desktop machine that the suspect had recently synced the iPhone to.