Registration powered by Eventbrite
Contact O'Reilly Media for event and ticket information.
O'Reilly Master Class: Zdziarski on iPhone Forensics

O'Reilly Master Class: Zdziarski on iPhone Forensics

Tuesday, May 26, 2009 at 9:00 AM - Wednesday, May 27, 2009 at 5:00 PM (CT)

Chicago, IL

This event has ended!
View current events hosted by O'Reilly Media


Ticket Information
Ticket Type Sales End Price Fee Quantity
General Enrollment Ended $3,500.00 $0.00 N/A
Vetted law enforcement professionals and government employees Ended $2,500.00 $0.00 N/A
Event Details

Recovering Evidence, Personal Data, and Corporate Assets

This highly specialized two-day forensics workshop teaches you how to recover, process, and remove sensitive data stored on  the iPhone, iPhone 3G, and iPod Touch.

Led by author and data forensics expert Jonathan Zdziarski, this workshop helps you:

  • Determine what kind of evidence is stored on the device
  • Prepare an environment for iPhone forensics
  • Break v1.x and v2.x passcode-protected iPhones to gain access to the device
  • Build a custom recovery toolkit for the iPhone
  • Interrupt iPhone 3G's “secure wipe” process
  • Conduct data recovery of a v1.x and v2.x iPhone user disk partition, and preserve and recover the entire raw user disk partition
  • Recover deleted voicemail, images, email, and other personal data using data carving techniques
  • Recover geotagged metadata from camera photos
  • Discover Google map lookups, typing cache, and other data stored on the live file system
  • Extract contact information and other data from the iPhone's database
  • Collect desktop trace and establish trusted relationships to owners' desktops
  • Use different recovery strategies based on case needs

 

Using the tools and know-how provided in this workshop, you'll work hands-on to recover stored and deleted information from the iPhone including:

  • Keyboard caches containing usernames, passwords, search terms, and historical fragments of typed communication
  • Screenshots preserved from the last state of an application, taken whenever the home button is pressed or an application is exited
  • Deleted images from the suspect's photo library, camera roll, and browsing cache
  • Deleted address book entries, contacts, calendar events, and other personal data
  • Exhaustive call history, beyond that displayed
  • Map tile images from the iPhone's Google Maps application, lookups and longitude/latitude coordinates of previous map searches, and coordinates of the last GPS fix
  • Browser cache and deleted browser objects, which identify the websites a user has visited
  • Cached and deleted email messages, SMS messages, and other communication with corresponding time stamps
  • Deleted voicemail recordings stored on the device
  • Pairing records establishing trusted relationships between the device and one or more desktop computers

Hands-on demonstrations will be performed for the following operating system and iPhone firmware versions:

  • Windows XP with iPhoneOS 1.1.4 and iTunes 7.7
  • Mac OS X 10.5 with iPhone OS 2.2.1 and iTunes 7.7

Jonathan Zdziarski developed this workshop based on the contents of his new book, iPhone Forensics (O’Reilly Media, September 2008). As a part of your enrollment, you’ll receive a copy of the book to help you follow the workshop presentations. You’ll also receive a USB drive containing the forensics toolkit Zdziarski uses. Be sure to bring a Mac or Windows laptop (Mac preferred) and an iPhone if you would like to follow along. Do not bring live evidence.

 

When

Tuesday, May 26, 2009 at 9:00 AM
- to -
Wednesday, May 27, 2009 at 5:00 PM (CT)

Add to my calendar Add to my calendar
Where
Chicago Police Training Academy
1300 W Jackson Blvd
Chicago, IL 60607




Other Maps:

Yahoo | Mapquest | Microsoft

Hosted By

O'Reilly Media

O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly has been a chronicler and catalyst of leading-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.

View Other Events
 View other O'Reilly Media events
Contact the Host
 Contact the Host
RSS Feed
 Subscribe to receive notifications of future events by this host

If you must cancel for any reason you must notify us in writing 7 days prior to the event, for a refund less a $100 processing fee. Cancellations must be in writing, by fax, email or postal mail. Cancellations within 7 days of the event are non-refundable. You may transfer your registration to another person 48 hours prior to the event by providing authorization to us cancellations@oreilly.com. Confirmed and paid attendees who do not attend or who cancel after the deadline are liable for the entire fee. In the unlikely event of cancellation of the event, the liability of O'Reilly Media, Inc. is limited to the return of paid registration fees.

For questions about registration or assistance with any registration problems, please contact us at cancellations@oreilly.com.

This page was published using Eventbrite, your total online solution to publish, register, manage and promote events. Host Your Events With Eventbrite.
Contact O'Reilly Media for event and ticket information.