Showing posts from November, 2019

Checkm8, Checkra1n and the new "golden age" for iOS Forensics

My dear friend and fantastic professional partner Francesco Picasso always complains about me never posting on Reality Net 's "Blog". In fact, to be honest, we have never been very good at selling our "brand": in the world of digital forensics we are known by our personal accounts ( @mattiaep and @dfirfpi ) and not because of our blog. Yes, we are also known as "The DFIR Mafia", but that is another funny story  😊 Indeed, Francesco is right: my last post on our blog is way back on June 3, 2015 and was titled "iOS 8.3: the end of iOS Forensics?".  After the “first golden age” of iOS Forensics (iPhone 4 "bootrom" exploit dated 2010), most of the forensics techniques were based on Apple's bugs or "left open" doors. Over the years we have explored and tried all the possible ways to extract data from an iOS device. We have relied on, and we still heavily rely on, iTunes backups . It's definitely a