[/badpuns]
Siri
Forensics
Siri
is an application for Apple's iOS which functions as a voice-activated personal
assistant. After it was acquired by
Apple, Siri was first supported on the iPhone 4S and is currently used on most
iOS 6 devices including the iPhone 5, iPad 3, iPad Mini, and fifth-generation
iPod Touch. Siri can perform a variety
of functions and is often used as a hands-free method to send commands to the
device, such as making calls or transcribing and sending text messages. The user can also ask questions or request
recommendations, which the program sends to web services such as Wolfram Alpha
and replies with an answer.
In
order to interpret and act on voice commands, the program must at some point
record the user and perform voice recognition.
The request must also be converted into some form of text for web
services to be able to answer it. These
facts along with Apple's patent detailing the basic processes of Siri leads me
to believe that Siri must record and store the user's requests somewhere on the
device for future reference. Through my
research I hope to learn three things:
1.
The exact method used by Siri to handle requests.
2.
What information Siri stores on the device, and where.
3.
If any information can be extracted and parsed into a form useable by a
forensic examiner.
Preliminary
Outline
I. Executive summary
II. Introduction and Statement of
Topic
1.
What is Siri?
2.
History of the program
3.
Prior work and published information
IV. Plan of Attack
1.
Tools and setup
a.
Hardware used
b.
Software used
2.
How does Siri work and where is the data?
a.
Process monitoring
b.
Comparison of phone data before and after use
c.
Analysis of network traffic
d.
How is the data stored?
e.
Attempt to parse
V. Research
1.
Science!
VI. Ethics and Responsibility
1.
Warrant/privacy?
VIII. Appendix and Works Cited
Preliminary
Research
Despite
the attention that Siri has received since its release, very little has been
done in the way of research. Many blogs
and news sites have written high-level descriptions of what Siri does, but no
detailed information on its inner workings.
I have so far been unable to find any true forensic research done on the
program. If any technical research has
been published, it does not appear to have made it outside closed circles. The one source I have found for technical
information is Apple's patent application for a "Technical Automated
Assistant." While the document does
not give specific details, it gives a basic explanation of the steps that Siri
takes when handling a user request. One
part in particular (diagram shown below) outlines caches of short- and
long-term "Personal Memory" kept on the phone to assist in the
client-side processing of requests.
Whether
I succeed or fail in my goals, I hope that this research will be useful to
forensic examiners in all fields. If
successful, Siri would be a new source of evidence for investigators. Decoding Siri requests would serve a similar
purpose as search history, and could be a valuable piece of evidence in both
criminal and civil cases. If I fail,
then hopefully my failure will be thorough enough that Siri can be ruled out as
a source of information without having to spend and more time and resources.
