When mobile forensic investigators and e-discovery experts work with the latest generation of Apple Inc. mobile devices, they remain stumped about how to view password-protected emails.
In many cases, passwords and pass-phrases are handed over during discovery proceedings to unlock encrypted content. But when passwords aren't available, investigators can only see encrypted data instead of email contents. That's true on the iPhone 5, iPad 4, and iPad Mini.
Even the most common forensic products, such as Cellebrite Mobile Synchronization's Universal Forensic Extraction Device (UFED) system and Micro Systemation's XRY, cannot cross that chasm. Progress has been slow.
"We continue to monitor that very closely. I wish I could tell you that the industry as a whole is going to crack this nut very soon," Cellebrite USA CEO James Grady said. Glen Rock, N.J.-based Cellebrite officials explained that their products access data on other phones and on older i-devices by intervening in the device's memory before it reaches the booting stage, but that technique doesn't help on the newer iOS 6 devices running on Apple's A5X and A6 chipsets such as the iPhone 5 and iPad 4 devices.
"It's an ongoing piece of research for us though. We're not giving up by any means," Grady said.
Micro Systemation also acknowledges the challenge. "I would say it's an obstacle for all the companies," CEO Joel Bollö noted, in Stockholm, Sweden. Both companies' products are used by the majority of cellular carriers and by myriad law enforcement agencies and militaries.
Security researchers are making slight progress toward viewing i-device emails. The process is advancing slowly because Apple focuses on protecting data, and legitimate forensic techniques often have technical similarities to malicious attacks.
A special class of computer hackers known as "jailbreakers" are developing software that forensic companies can use as foundations to make e-discovery products capable of extracting unencrypted email messages from iOS 6 devices. Jailbreaking is slang, referring to programs that circumvent manufacturer restrictions on the device's file system.
The software is meant for consumers and, despite its name, is not ominous. Jailbreaking one's phone has useful implications for ordinary users, such as being able to install software from any source rather than just from Apple's App Store. American law, as of Oct. 28, 2012, allows jailbreaking on smartphones but not on tablets. Laws in other countries vary.
Progress arrived on Feb. 4 when a hacker community called "evad3rs"pronounced "evaders"released what's believed to be the first jailbreak for the current-generation of Apple mobile devices. The software, "evasi0n", successfully lets users install third-party software. By having that capability, companies that make forensic software have a new arrow in their quiver for developing forensics software, because a jailbreak is often the first step toward accessing protected or encrypted data.