Within forensic analysis temporal data can be essential when attempting to correlate, sequence and accurately reconstruct events, but irregularities and inconsistencies with some temporal data can introduce errors or yield contrasting portrayals of events. This paper models em-bedded temporal data associated with message exchanges within Apple's iMessage and explains discrepancies that occur, together with methods of identification, to ensure valid results are established. The forensic impact of multiple iOS enabled devices sharing a single Apple ID is also explored, including the identification of the device on which a message originated.
|Publication status||Published - 10 Jun 2013|
|Event||The 3rd International Conference on Cybercrime, Security and Digital Forensics - University of Cardiff, Cardiff, United Kingdom|
Duration: 10 Jun 2013 → 11 Jun 2013
|Conference||The 3rd International Conference on Cybercrime, Security and Digital Forensics|
|Period||10/06/13 → 11/06/13|