Digital Forensics for iOS Devices

Apple’s focus on security and robust encryption of iOS devices can often make it difficult to perform forensics work on these devices. Regardless of these difficulties, Gillware performs iOS device forensics on a number of iOS device models, and we continue to expand our capabilities over time.


The Necessity of iOS Forensics

As some of the most popular mobile devices on the planet, Apple’s line of iOS products is used by millions of people all over the world. With access to the data on a suspect or victim’s phone, you can often find out who they talked to and when, where they were or where they were going, which applications they used and a whole host of other potential evidence.

With the help of skilled forensics examiners, any iOS forensics case can potentially yield fruitful results with the right tools, knowledge, and expertise. The robust security of iOS devices can often make it difficult to access these devices, but evidence can still be found from other associated data sources if a forensic investigator knows where to look. Our digital forensics experts can also help in court to explain these technologies and the ramifications of any evidence found.

Our iOS Forensics Services

With a new iPhone every year, new iPod Touch and iPad models every few years, and new versions of iOS all the time, there’s always more iOS forensics research to be done by examiners. Whether that’s obtaining the newest models to tinker with or creating new forensics techniques for older models, each year our capabilities grow.

Our President, Cindy Murphy, brings many years of digital forensics experience to the team. Together with her experience with law enforcement and as a member of the Madison Police Department, this gives her a wealth of information and experience to draw from in conducting iOS forensics cases.

In addition to her expertise, our own data recovery engineers have over a decade of experience doing complex physical and logical recoveries on a variety of devices. This of course includes iOS devices. We are also able to utilize tools such as Cellebrite as well as proprietary recovery and forensics tools to aid us in our iOS forensics work. Technology moves quickly and digital forensics experts are doing everything in their power to stay ahead of the curve.

Recovering Data from Broken iOS Devices

Plenty of broken devices have come through Gillware’s lab throughout its history. Whether it’s fire, water, or in one case, even acid, Gillware has recovered data from devices so damaged that they were unrecognizable from their original state. Our forensic data recovery experts use advanced data recovery techniques and proprietary equipment to attempt to create a forensic image of the internal NAND flash memory chips in the hope that data may be recovered for analysis. Deciphering the data and piecing it together in a way that makes sense can often be the greatest challenge with these cases, but our engineers have the necessary experience to figure out these problems when data is recovered.

iOS Malware

One change in recent years in the digital forensics world is the arrival and proliferation of mobile malware. As secure as the iOS platform is, it is not immune to malware. Recent iOS malware includes late 2015’s XcodeGhost, a modified version of Apple’s programming framework known as Xcode that mines user data on applications it has infected. Another more recent example is the AceDeceiver Trojan, which infects iOS devices that are connected to Windows-based PCs. AceDeceiver is also somewhat unique because iOS devices do not have to be jailbroken in order to be infected by the malware.


One advantage that iOS devices have over Android devices is that in order to install spyware on them, iOS devices must be jailbroken. “Jailbreaking” a device means using software exploits within the device’s operating system in order to remove certain restrictions on the device. This can be useful in many ways, but also adversely affects the security of the device. Spyware is typically used to track the device activities of the owner and is commonly seen in cases of overbearing (or even malicious) employers, abusive partners, and similar undesirable situations. If you need to know if an iPhone has been jailbroken, we can help.

Expert Testimony

Gillware’s digital forensics experts are also able to provide expert testimony services in a court of law, whether that is to evaluate an opposing expert’s findings or to testify about the findings of your own forensics case. One of the most critical aspects of a forensics case that ends up in court is being able to clearly communicate the findings and provide an accurate analysis of the data to the court. If technical confusion is allowed to happen, there is a chance that reasonable doubt will enter the case where it would otherwise not occur. To ensure your case has the best chance of being understood and communicated clearly in a court of law, we’re here.

Use Gillware for Your iOS Forensics Case

With our world-class digital forensics experts and the right tools to handle difficult cases, we can assist with all your iOS forensics needs.