Zdziarski
DFIR, security, reverse engineering, photography, theology, funky bass guitar. All opinions are my own.
Apple . Forensics . Politics

10 Reasons Farook’s Work Phone Likely Won’t Have Any Evidence

On February 18, 2016 by Jonathan Zdziarski

Ten reasons to consider about Farook’s work phone:

  1. Farook burned and destroyed two other electronic devices, going to great lengths to protect data he knew was on the devices. He also had opportunity to destroy this one if it had anything incriminating on it.
  2. The device was making iCloud backups until a month and a half before the spree, and there was absolutely nothing in them. iCloud backups could have ceased for a number of reasons, including a software update that was released on October 21, just two days after the last backup, or due to iCloud storage filling up.
  3. Find my iPhone is still active on the phone (search by serial number), so why would a terrorist use a phone he knew was tracking him? Obviously he wouldn’t. The Find-my-iPhone feature is on the same settings screen as the iCloud backup feature, so if he had disabled backups, he would have definitely known the phone was being tracked. But the argument that Farook intentionally disabled iCloud backup does not hold water, since he would have turned off Find-my-iPhone as well.
  4. In addition to leaving Find-my-iPhone on, the option to delete all prior backups (which include iMessage history and other content) is also on the same settings screen as the option to disable iCloud backups. If Farook was trying to cover up evidence of leads, he would have also deleted the existing backups that were there. By leaving the iCloud backup data, we know that Farook likely did not use the device to talk to any leads prior to October 19.
  5. FBI appears to have initially received the device still powered on, and would have had the opportunity to interrogate Siri for content on the device. Either this has already happened, yet yielded no finding of evidence, or they didn’t consider the phone important enough at the time. There are law enforcement white papers on doing this, so the technique is rather well known.
  6. From what I’ve read, they were not recruited BY ISIS, but were indoctrinated and decided to act out; there’s no evidence to suggest they ever had any contact with ISIS on any device.
  7. The FBI would already have all call records, cellular metadata, email records, Facebook and other social media content, and text message endpoint metadata for this device; none of the court documents indicated that there was any hard evidence tying the device to a lead or suspect. Based on this, it is reasonable to conclude that there is virtually zero metadata from any carrier to suggest that the device was used to communicate with other persons of interest. Communication with any of the victims could be obtained from the victims’ devices, at least some of which must certainly be unlocked, be devices investigators have a PIN or iCloud backup data for, or be completely different non-Apple devices that could be accessed.
  8. Suspect used a simple numeric passcode on the device; this was both mentioned in the DOJ filing and is obvious from looking at the initial court order. In spite of his taking incredible steps to protect the evidence on his other devices, there’s no reason he’d use a simple PIN if he was this security conscious. Someone who is this concerned about covering their tracks would have used a complex passcode, as this stretches the brute force time from 22 hours (for a six-digit PIN) to 6 years (for a six-digit alphanumeric passcode), and exponentially more for longer passcodes.
  9. As an employer-owned device, he would have been (and for good reason) paranoid that the phone could be monitored, so would have been foolish to use it in the first place.
  10. FBI likely would have already run the device on a Stingray, to capture outgoing traffic. Any network traffic the device would have generated, including from third-party applications with background tasks, would be visible to the FBI. The absence of any findings of evidence to compel a judge to grant the order demonstrates again they’ve found nothing coming out of the device.

All website content Copyright © 2000-2022 by Jonathan Zdziarski