Showing posts from 2022

Sysdiagnose in iOS 16: a first look from a Digital Forensics perspective

Back in May 2019, together with my colleagues Heather Mahalik and Adrian Leong, I wrote the paper "Using Apple “Bug Reporting” for forensic purposes" and some scripts to parse the data stored in Sysdiagnose logs. The paper is still available for download and, for the most part, is still accurate. But time goes on, and new iOS versions have come onto the market in recent years. I took a first look at a sysdiagnose generated on a freshly wiped iPhone with iOS 16 natively installed. For sysdiagnose generation and extraction, nothing has changed since our paper. You can still generate it either via hardware or via software, and you can extract it with forensic tools (e.g. Elcomsoft iOS Forensic Toolkit) or with iOS device manager tools (e.g. 3uTools). Once extracted, the sysdiagnose is a TAR file that contains various files in the root folder and in different subfolders. At first look, most of the files seem consistent with what we wrote in the paper. You can in fact find: sysdiagnose.log tas

Android Forensics References: a curated list

During the forensic analysis of a mobile device, we often need to understand the content of a specific file or folder. This is particularly true when a file or a folder is not parsed by our set of tools. Our approach is, typically, to start googling the file or folder name to check whether someone else has already done some research on it. This approach is time-consuming, and it's not always easy to quickly find the proper reference. I also realized that I had googled the same file/folder name multiple times... So, I decided to create a curated list of Android Forensics References, organized by folder, with specific references (links to blog posts, research papers, articles, and so on) for each interesting file. I plan to create a similar page for iOS in the near future. The list is available as a GitHub repository to make it easier to keep it updated. If you have any proposals for additions, in terms of files/folders or a specific reference, please let me know and I'll be happy to