Clik here to view.
iCloud and iMessage Security Concerns
We also trust these companies in ways that we do not understand yet. How many of you trust Apple? No voting… Just me Damn! OK. May I ask you a very good question. Trusting to do what? Trusting when...
View ArticleClik here to view.
How to Obtain iMessages from iCloud
iOS 11.4 has finally brought a feature Apple promised almost a year ago: the iMessage sync via iCloud. This feature made its appearance in iOS 11 beta, but was stripped from the final release. It...
View ArticleClik here to view.
Extracting Apple Health Data from iCloud
Heartrate, sleeping habits, workouts, steps and walking routines are just a few things that come to mind when we speak of Apple Health. Introduced in September 2014 with iOS 8, the Apple Health app is...
View ArticleClik here to view.
Six Ways to Decrypt iPhone Passwords from the Keychain
In Apple’s world, the keychain is one of the core and most secure components of macOS, iOS and its derivatives such as watchOS and tvOS. The keychain is intended to keep the user’s most valuable...
View ArticleClik here to view.
The Most Unusual Things about iPhone Backups
If you are familiar with breaking passwords, you already know that different tools and file formats require a very different amount of efforts to break. Breaking a password protecting a RAR archive can...
View ArticleClik here to view.
Apple Watch Forensics 02: Analysis
Over the last several years, the use of smart wearables has increased significantly. With 141 million smartwatch units sold in 2018, the number of smart wearables sold has nearly doubled compared to...
View ArticleiOS 13 (Beta) Forensics
iOS 13 is on the way. While the new mobile OS is still in beta, so far we have not discovered many revolutionary changes in the security department. At the same time, there are quite a few things...
View ArticleClik here to view.
Accessing iCloud With and Without a Password in 2019
In iOS forensics, cloud extraction is a viable alternative when physical acquisition is not possible. The upcoming release of iOS 13 brings additional security measures that will undoubtedly make...
View ArticleExtended Mobile Forensics: Analyzing Desktop Computers
When it comes to mobile forensics, experts are analyzing the smartphone itself with possible access to cloud data. However, extending the search to the user’s desktop and laptop computers may (and...
View ArticleClik here to view.
How To Access Screen Time Password and Recover iOS Restrictions Password
The Screen Time passcode (known as the Restrictions passcode in previous versions of iOS) is a separate 4-digit passcode designed to secure changes to the device settings and the user’s Apple ID...
View ArticleClik here to view.
iOS Device Acquisition with checkra1n Jailbreak
We’ve just announced a major update to iOS Forensic Toolkit, now supporting the full range of devices that can be exploited with the unpatchable checkra1n jailbreak. Why is the checkra1n jailbreak so...
View ArticleClik here to view.
Extracting Skype Histories and Deleted Files Metadata from Microsoft Account
Skype synchronizes chats, text messages and files sent and received with the Microsoft Account backend. Accessing Skype conversation histories by performing a forensic analysis of the user’s Microsoft...
View ArticleClik here to view.
The True Meaning of iOS Recovery, DFU and SOS Modes for Mobile Forensics
What is DFU, and how is it different from the recovery mode? How do you switch the device to recovery, DFU or SOS mode, what can you do while in these modes and what do they mean in the context of...
View ArticleClik here to view.
Apple vs. Law Enforcement: Cloud Forensics
Today’s smartphones collect overwhelming amounts of data about the user’s daily activities. Smartphones track users’ location and record the number of steps they walked, save pictures and videos they...
View ArticleClik here to view.
Full File System Acquisition of iPhone 11 and Xr/Xs with iOS 13
The popular unc0ver jailbreak has been updated to v4, and this is quite a big deal. The newest update advertises support for the latest A12 and A13 devices running iOS 13 through 13.3. The current...
View ArticleClik here to view.
Cloudy Times: Extracting and Analyzing Location Evidence from Cloud Services
Geolocation data can provide a wealth of evidence to various government agencies. Law enforcement agencies use location data to help place suspects near a crime scene in a given time frame. However,...
View ArticleClik here to view.
iOS acquisition methods compared: logical, full file system and iCloud
The iPhone is one of the most popular smartphone devices. Thanks to its huge popularity, the iPhone gets a lot of attention from the forensic community. Multiple acquisition methods exist, allowing...
View ArticleClik here to view.
Forensic guide to iMessage, WhatsApp, Telegram, Signal and Skype data...
Instant messaging apps have become the de-facto standard of real-time, text-based communications. The acquisition of instant messaging chats and communication histories can be extremely important for...
View ArticleClik here to view.
iOS Acquisition Reloaded
The new build of iOS Forensic Toolkit is out. This time around, most of the changes are “internal” and do not add much functionality, but there is a lot going on behind the scenes. In this article, we...
View ArticleClik here to view.
checkra1n & unc0ver: How Would You Like to Jailbreak Today?
Extracting the fullest amount of information from the iPhone, which includes a file system image and decrypted keychain records, often requires installing a jailbreak. Even though forensically sound...
View Article
