top of page
Search

Does jailbreaking alter digital evidence?

  • Nov 24, 2019

A study posted here, Ya-Ting Chang, Ke-Chun Teng, Yu-Cheng Tso, & Shiuh-Jeng Wang, Jailbroken iPhone Forensics for the Investigations and Controversy to Digital Evidence, Department of Information Management, Central Police University (2015) analyzes whether or not jailbreaking an iPhone alters digital evidence. The study was conducted comparing iTunes logical extraction and the MSAB XRY extraction tool, testing both methods before and after jailbreaking.

Jailbreaking generally makes the extraction of digital evidence easier. The authors conclude that the jailbreaking procedure will not alter digital evidence on an iPhone. iTunes still generates the same number of backup files before and after an iPhone is jailbroken. The jailbreaking process allows wifi and mobile phone data to be accessed which cannot be extracted if an iPhone is not jailbroken. iPhones automatically synchronize and download the most recent 50 emails from servers to which they synch. The emails can only be recovered if an iPhone is jailbroken.


 
 

Connecting your smartphone aboard

  • Oct 3, 2019

When travelling in certain far flung areas, your smartphone may not automatically detect the local network, even if you have data roaming on. If you have an iPhone go to Settings . . . Cellular . . .Network Selection, and then turn off the automatic setting. Below you should see multiple local networks to choose from.


 
 

Relativity Short Message Format

  • Sep 11, 2019

Relativity has a short message format which should be used for messages exported from Slack, Skype, Instant Bloomberg chat, or standard mobile phone SMS messages. A .rsmf file should include a .zip file attachment, that cannot be encrypted. A manifest file inside the zip file should have a JSON file at its root. These individual JSON files will include the names of participants in messages, and the titles of their conversations - a new and valuable source of metadata. The JSON files will also record events, and can show if a message was deleted. The format appears this way:

Relativity Short Message Viewer is used to display the messages in a workspace. A version of the message is recreated in html. Slightly different styles will be used for different message types. Slack messages look like this:

. . . and Bloomberg chats look like this:

The viewer includes a timeline that you can use to restrict a review to a particular date range.

Hovering over an icon will give you a summary of the number of participants, message total, and date range of a conversation.


 
 

Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 

Your details were sent successfully!

© 2015 by Sean O'Shea . Proudly created with Wix.com

bottom of page