iOS Incident Response

Incident response and digital forensics processes have a lot in common, and iOS is no exception. One important difference, though, is that in incident response we assume the owner of the allegedly compromised device fully complies with the investigator's requests to provide access to the device, such as disclosing or disabling the passcode. This is a subtle but very important difference, especially on iOS, where passcode protection relies on proven cryptography and, in many cases, cannot be bypassed.

This chapter opens with a general introduction to iOS system and application security and then moves on to explain the iOS-specific parts of mobile incident response.

  • iOS Security Model
  • iOS Incident Response Process
  • iOS Data Collection
  • iOS Incident Response Analysis
  • iOS Incident Response Lab Exercise