iPhone Monitoring & Forensics


This page is an introduction to iPhone monitoring, data recovery, and forensics. The practice of cell phone forensics is broken down into three parts.

iPhone Monitoring

Using sophisticated software, it is possible to monitor and track an iPhone without even installing anything on the device itself.

To do this you’ll first need to purchase software that allows you to view all of the phone’s data.

This can be accomplished by obtaining the user ID and password of the user’s iCloud account. Once you have this information it is possible to download all of this data to a secure storage location and view it.

It is important to ensure that this storage is encrypted and secure so that no one can hack in and steal this information.

iPhone Data Recovery

Another area of expertise is the recovery of data from an iPhone. Here’s a quick breakdown of what is involved in this process.

  1. Hardware: the backbone of what we do. If we didn’t have computers as well as specialized equipment such as cables, write blockers, and forensic duplicators we would not have much of a job to do.
  2. Software: makes everything possible. Certain software is designed to handle a broad amount of data. Other software is designed to take on a specific task.
  3. Knowledge: computer forensic principles and practices, along with the knowledge of how to operate not only the hardware but the software as well, round out the trifecta of computer forensics.

It is no different with iPhone data recovery and forensics.

At times it requires certain hardware, as well as software and knowledge, in order to successfully extract and decipher data from an iPhone.

The following is a general overview of what can and cannot be done to monitor or recover data from iPhones. We receive phone calls daily from people who want to know what can be done on a particular iPhone.

On June 8th, 2009, Apple introduced the iPhone 3GS. This was followed by the iPhone 4. From a cell phone forensic standpoint, these were great phones to work on.

Both allowed for what we in the industry call a physical extraction. This simply meant that we could grab all of the available data, whether it had been deleted or not.

Note: It is not possible to recover everything that has been deleted. When an item has been deleted, the space on which it resided becomes available for new data to overwrite. Deleted data is only available for recovery if it has not already been overwritten by new data.

With that in mind, iPhones 3 through 12 all allow for physical extractions. Items like deleted photos, videos, text messages, phone calls, and contacts, to name a few, can typically be extracted.

The basic rule of thumb on iPhones is this: if it has been deleted, it can be recovered so long as it has not been overwritten.

Decipher Forensics is now a part of The Tool Report.