SSDD Forensics Issues Essay Example | Topics and Well Written Essays - 1000 words - 1

SSDD Forensics Issues - Essay ExampleThe logical eruditeness approach is based on getting a logical bit-by-bit copy of the directories and various types of shoot downs (address files) found within the iPhone file system. But, Physical acquisition implies a bit-by-bit copy of an entire physical store (e.g., a memory chip). Logical patronages be considered a rich source of data files that can help build evidence. They can also deliver proof of the pairing relationship between the computers that have been previously synced with the iPhone turn of events if that computer was seized as furcate of the investigation. A physical acquisition has the advantage of allowing deleted files and data remnants to be examined. Physical extraction acquires information from the device by direct access to the flash memories. Generally, this is harder to achieve because the device vendors need to secure against the arbitrary schooling of memory so that a device may be locked to a certain operato r.The name of the backed-up cusp is a long combination of 40 hexadecimal numbers and characters (0-9 and a-f) and represents a unique identifier for the device from where the backup was obtained. This unique identifier appears to be a hashed value since it was the same unique name given to the backed-up folder by iTunes on both Mac and Windows operating systems. Within this folder reside hundreds of backup files with long hashed filenames consisting of forty numbers and characters. These filenames signify a unique identifier for each set of data or information copied from the iPhone memory. Backed-up data is stored in three file formats, plist files which stores data in plaintext format, mddata files which stores data in a raw binary program format and info files which store encoded metadata of the corresponding binary mddata files. Figure 3 shows the Backup folder containing the backed-up files. Generally, the iPhone file system stores data in binary