Francis Graf Report - Amanda Ladas Vs. Apple Case

Transcript

This is the 1d Affidavit of was made on Francis Graf in this case and the 4Á day ot October,2012. Action No. 5112969 Vancouver Registry IN SUPREME COURT OF BRITISH COLUMBIA Between: Amanda Elizabeth Ladas Plaintiff And: Apple lnc. ndant "Brought under the Class Proceedings AFFIDAV¡T Ac],RSBC 1996, c. 50" I, Francis Graf, Digital Forensics Examiner, c/o Suite 302-1224 Hamilton Street, in the City of Vancouver, Province of British Columbia, MAKE OATH AND SAY THAT: 1. 2. Attached hereto and marked as Exhibit "A" to this my affidavit is a true copy of my expert report herein dated June 6, 2012. The exhibit examined by me in the course of the preparation of my report that is marked as Exhibit "4" to this my affidavit and described at page 4 of the said report as "Exhibit 1 - #4C41081: iPhone 3GS Serial #799462PP3NP (MRitchie's iPhone)" was hand delivered to me by Megan Ritchie on January 19,2012 at 08:30 a,m. at Victoria, British Columbia. 3. The exhibit examined by me in the course of the preparation of my report that is marked as Exhibit "A" to this my affidavit and described at page 4 of the said repoñ as 2 "Exhibit 2 - #ACA1082: iPhone 3GS Serial #87024S1KEDG (iphone3gs)" was hand delivered to me by Rahiman Sattar on January 14,2012 at 3:30 p.m. at Surrey, British Columbia. 4. The exhibit examined by me in the course of the preparation of my report that is marked as Exhibit "4" to this my affidavit and described at page 4 of the said report as "Exhibit 3 - #TCS: iPhone 4 Serial #881113G844T (Mommy's iPhone4) backup file" was hand delivered to me by Norbert Pinter on January 14,2012 at 12:00 noon at Vancouver, British Columbia. SWORN BEFORE ME at the City of Victoria, in the Provinc British Columbia, day of this for the Province of British Columbia g}l'852 Fott Strect Victoria BC V8\V lHt '"r: zso-sigó0 22 Fax 25&3E96033 DAVID MI,JLRONEY Ba¡¡istcr & Solicitot MulroneY & ComPanY GenLiU9ST2laff#1 of Francis Graf thts. iOS4x Location Based Services Analysis Report Report Prepared for: Amanda Elizabeth Ladas c/o Suite #302-1224 Hamilton Street Vancouver, BC V6B 2S8 Report Prepared by: Francis Graf B.Sc., M.4., EnCE, CFCE, A+ c/o Suite #302-t224 Hamilton Street Vancouver, BC V6B 2SB Area of Expertise: Digital Forensics July 29,2072 Date: iOS4x Location Based Sen¡ices Analysis Report TABLE OF CONTENTS: REASONS FOR OPINION AND DESCRIPTION OF RESEARCH AND ANAIYSIS.......................3 iOS4x Location Based Services Analysis Report I nstructions Provided : I have been instructed to provide my expert opinion on wha! if an¡ location based data is stored on devices sold in Canada by Apple Inc,, running the iOS4x operating system and whether or not any of that data is transferred to any computer connected to such devices when the devices are backed up in relation to Ladas v Apple Inc. Vancouver Registry File Number 5LL2969. Nature of Opinion Sought I understand that my opinion is being sought to assist the Court in determining whether or not iOS4x functions in breach of users'privacy and security rights. Opinion iOS4x stores specific location based data in unencrypted form, including dates and tÍmes, assocÍated to geographic location coordinates, on devices that run on it. That data is copied onto any computer the devices are connected to when they are backed up. This location data spans a period of approximately one year prior to any given back up and is easily accessed using free tools readily available on the internet. Each backup file contains specific geographical location coordinates, including date and tÍme stamps, in unencrypted form, for approximately one year prior to the date the backup was taken. Each successive backup file contains new location data for approximately one year prior to the date of that backup, thereby increasing the aggregate location based data stored in unencrypted form. Reasons for Opinion and Description of Research and Analysis The reasons for my opinion are based on the research and analysis performed by me as described in Appendix "4" regarding the location based data stored on Apple Inc. devices that run iOS4x and the backup of this data to computers connected to the devices when the devices are backed up. The process and methodology that I used to preserve, recover and analyze the location based data stored on Apple Inc. devices running on iOS4x, and their respective backup files, is included in Appendix "A". iOS4x Location Based Services Analysis Report Factual Assumptions: I assumed that the exhibits ("Exhibits") examined by me: Exhibit L - #4CA1081: iPhone 3GS Serial #799462PP3NP (MRitchie's iPhone) Exhibit 2 - #4C41082: iPhone 3GS Serial #87024SLKEDG fiphone3gs) Exhibit 3 - #TCS: iPhone 4 Serial #881113G844T (Mommy's iPhone4) backup file and their associated backup files are a representative sample of devices sold in Canada by Apple Inc. that run on iOS4x and the associated backup files are a representative sample of backup files that relate to these devices and that, therefore, my findings are representative of findings expected on other Apple Inc. devices sold in Canada that run on the same i0S4x and their backup files. Methodology: Exhibit 1 (#4C41081) and Exhibit 2 [#4C41082) were examined using industry standard methodology and tools described in Appendix "A". The backup file of the third exhibit [#TCS) was previously obtained by another professional services firm and provided to me as a backup file. This backup file was examined using the same methodology and tools as for Exhibit L and Exhibit 2. Findings: Each of the Exhibits exhibits analyzed produced a "consolidated.db" database file when backed up using iTunes software. This "consolidated.db" database file contains an unencrypted twelve month cache of latitude and longitude geographical coordinates as well as date and timestamps of the respective coordinates. This "consolidated.db" database file also contained the unique serial number of the iPhone being backed up. 4 iOS4x Location Based Services Analysis Report Advice and Certification I am aware that I have a duty, in giving an opinion to the court, to assist the court and not be an advocate for any party. This report has been made in conformity with my duty and I will, if called on to give oral or written testimony, give that testimony with conformitywith that duty. I am primarily responsible for the contents of this report. Respectfully submitted, iOS4x Location Based Services Analysis Report Aprpenei ix A: í Phone Leieætie¡¡r Services Anar lysis tVletheielo!ogy 1_. Create a "New User" account on the desktop PC in order to isolate the creation of the iPhone backup to a unique location and avoid any risk of cross-contamination of the backed up data across other users. Place the iPhone in Airplane Mode and navigate to: Settings\General\About to confirm the Software Version (4.2.I [8C1 8a)) of the iPhone: 6 iOS4x Location Based Services Analysis Report 3. Before connecting the iPhone to the desktop PC, open iTunes on the desktop PC. As this is the first time running iTunes, the user must "Agree" to the iTunes Software License Agreement in order to proceed: iTunes Software License ENGLIS}I Apple lnc. Sofnvare Llccnse Agreement For lTunes Please read thls software llcense agreement ("Llcense") carefully before uslng the Apple software. By uslng the Apple software, you are agreelng to be bound by the terms of thls Llcense. ll you do not agree to the terms of thls Llcense, do not use the software. f you do not agree to the terms of the Llcense, you may return the Apple software to thê place where you obtalned h for a refund. lf the Apple software was accessed electronlcally, cllck "dlsagreeJ decllne". For Apple software lncluded wlth your purchase of hardware, you must return the entlre hardware/software package ln ordêr to obtaln a refund, lmportant Note: To the extent that thls software may be used to reproduce materlals, lt ls llcensed to you only for reproducllon of non-copyrlghted materlals, materlals ln whlch you own the copyrlght, or materlals you are authorEed or legally permltted to reproduce. To the êxtent that thls softrvare may be used for remote accêss to muslc flles for llstenlng betweên computers, remotê accêss of copyrlghtêd muslc ls only provlded for lawful personal use or as othenvlse legally pêrmlttêd, lf you are uncertaln about your rlglrt to copy or pêrmlt access to eny materlal you should contact your legal aüvlsor. 1. General. The soñrare, documentation and any fonls accompanylng this Licensê whether on dlsk, ln read only memory, on any other media or ln any other form (colledlvely the 'Apple Snfir¡rare") ârÊ llcênsêd nnl snlrl to vou hv Annlc lnc l"Annlê") for usê onlv unrier thc lerms nf lh¡s ', s"rra '' ' Decline ' iOS4x Location Based Services Analysis Report 4. After "Agreeing" to the iTunes Software License Agreement, iTunes will open with a "Welcome to iTunes" screen: ¡Tunes Tutorials Tutorial FeedbÂck ) i a - -Þ- - "rrffi Welcome to iTunes. No!.r you can orqànrze arìd pl¿y iPod g or rPhone. rn"o,n. ^nd your d¡q¡töl musjc ånd video on your l"tac or PC ¡t ro your iruner. -t"*, ðnt't¡me Arr on^dd "li:i.t;:;"" l::l""i iOS4x Location Based Sen¡ices Analysis Report 5. [n iTunes, navigate to: iTunes\Preferences\Devices and check the box to "Prevent iPods, iPhones, and iPads from syncing automatically": tf i Prevent iPods, iPhones, and i s from syncing automatically Forget All Remotes nes is not paired with any Remotes iOS4x Location Based Services Analysis Report 6. e.\o Click "OK" and the user is returned to the iTunes home screen: tfu\.-, '-i{ R¡dlo Qwshffi À ÍoRt ,'l\ Íun$ hr I ô MRlt.hlc'r ¡ñ ,Ff O SW€D HmG shúg ,-, I Upd¡te I Dl CENIUS $ ccntur MYUS Ë, ÍuÈr nerer EE¡oñ of the iPfione software i¡ ¡v¡il¡bl. (w.s¡ü 5.0.11. To uldate wuriphonewiththelarestsoftwüe,dickUpdate, A Ç 9o': rurt< i¡ Clùstol tEk $ l*rrtcudu ö ¡y rq utc¿ 0 ß.