6 www.DFInews.com FALL 2014
from the editor
About a week before this issue went to press, we were treated
to a veritable media frenzy surrounding the alleged hacking
of iCloud and the news of hundreds of celebrity nude photos
leaked. Every news outlet, it seemed, was ready to put forth its
own “digital forensics expert” with an explanation of exactly
how the hack occurred and its ramifications. Now as we prepare
to send this page to the printer we are beginning to see the
results of the real investigations into the incident.
It is curious to see the evolution of media coverage on a
high-profile case like this one. The news cycles move so quickly
in our digital world that it is essential for “experts” to come to
conclusions long before any real evidence is available. By the
time the metadata is examined, the attack vectors considered,
and suspects are identified, the media has moved on to the next
Regardless of the general public’s short attention span, some
interesting information about the hack is now coming to light.
In his blog “Jonathan Zdziarski’s Domain,” Zdziarski details his
findings after examining the exif information on two of the
hacked accounts’ files. His meticulous look at the data highlights the importance of patience, care, and attention to detail in this business. While it is easy to speculate or jump to conclusions, the discovery of fact requires hard work and diligence.
Forensic Tools Are Unbiased
Another interesting takeaway from this case was the apparent use of a hacked version of Elcomsoft’s
Password Breaker to scrape the data from the iCloud backups. We must remember that while these tools
are developed with investigative use in mind, the tool itself is blind to who is using it and what his or
her intentions may be. A tool that can help law enforcement discover evidence of child pornography on
someone’s iPhone backup can just as easily be used by a hacker to obtain nude photos and other private
information for blackmail or other nefarious purposes. Our tools can and will be used against us, and the
sooner we prepare for this inevitability, the sooner we can turn this knowledge to our advantage.
Does this case raise questions about the responsibility of companies to ensure that their software falls in
the right hands? Perhaps, but we all know that despite any precautions taken, software is as easily hacked
and leaked as celebrity nude photos. So where does the responsibility lie and what can we do with the
knowledge that this software is in the wrong hands?
Every advancement in technologies and hacking techniques requires an adjustment on the part of
digital forensic investigators. This is where industry newsletters, forums, conferences, and classes come into
play. We must keep an open dialog, keep learning new and better techniques of our own, and be open to
new ideas and possibilities. If you have news or information you would like to share with your fellow investigators, please share it on the DFI News LinkedIn or Twitter pages, or submit an article to the magazine.
We are always looking for new voices and new perspectives. Learn about our author guidelines at www.
dfinews.com/content/author-guidelines, or contact me directly at firstname.lastname@example.org with
any questions or suggestions.
Every advancement in
technologies and hacking
techniques requires an
adjustment on the part of