Thursday, January 24, 2013

A Sirious proposal

[/badpuns]
 
 
 
Siri Forensics
 

            Siri is an application for Apple's iOS which functions as a voice-activated personal assistant.  After it was acquired by Apple, Siri was first supported on the iPhone 4S and is currently used on most iOS 6 devices including the iPhone 5, iPad 3, iPad Mini, and fifth-generation iPod Touch.  Siri can perform a variety of functions and is often used as a hands-free method to send commands to the device, such as making calls or transcribing and sending text messages.  The user can also ask questions or request recommendations, which the program sends to web services such as Wolfram Alpha and replies with an answer.

            In order to interpret and act on voice commands, the program must at some point record the user and perform voice recognition.  The request must also be converted into some form of text for web services to be able to answer it.  These facts along with Apple's patent detailing the basic processes of Siri leads me to believe that Siri must record and store the user's requests somewhere on the device for future reference.  Through my research I hope to learn three things:

            1. The exact method used by Siri to handle requests.

            2. What information Siri stores on the device, and where.

            3. If any information can be extracted and parsed into a form useable by a forensic examiner.

 

 
Preliminary Outline

 
I. Executive summary

II. Introduction and Statement of Topic

III. Siri to Date

            1. What is Siri?

            2. History of the program

            3. Prior work and published information

IV. Plan of Attack

            1. Tools and setup

                        a. Hardware used

                        b. Software used

            2. How does Siri work and where is the data?

                        a. Process monitoring

                        b. Comparison of phone data before and after use

                        c. Analysis of network traffic

                        d. How is the data stored?

                        e. Attempt to parse

V. Research

            1. Science!

VI. Ethics and Responsibility

            1. Warrant/privacy?

VII. Summary and Conclusion

VIII. Appendix and Works Cited
 
 
Preliminary Research
 
            Despite the attention that Siri has received since its release, very little has been done in the way of research.  Many blogs and news sites have written high-level descriptions of what Siri does, but no detailed information on its inner workings.  I have so far been unable to find any true forensic research done on the program.  If any technical research has been published, it does not appear to have made it outside closed circles.  The one source I have found for technical information is Apple's patent application for a "Technical Automated Assistant."  While the document does not give specific details, it gives a basic explanation of the steps that Siri takes when handling a user request.  One part in particular (diagram shown below) outlines caches of short- and long-term "Personal Memory" kept on the phone to assist in the client-side processing of requests. 
            Whether I succeed or fail in my goals, I hope that this research will be useful to forensic examiners in all fields.  If successful, Siri would be a new source of evidence for investigators.  Decoding Siri requests would serve a similar purpose as search history, and could be a valuable piece of evidence in both criminal and civil cases.  If I fail, then hopefully my failure will be thorough enough that Siri can be ruled out as a source of information without having to spend and more time and resources.