Showing posts from 2023

iOS Forensics: tool validation based on a known dataset - Preamble

Hello world, it’s been a while since my last series of blog posts! But now I am ready to share with you the results of my recent research. I face many different challenges in my daily work as a digital forensics analyst, who deals mainly with mobile devices. All modern smartphones are encrypted (usually with file-based encryption (FBE)), so obtaining or cracking the passcode is required to gain access to all the data stored on the device. And even if we know the passcode (or the user has not set the passcode, which is increasingly rare these days), we still need an exploit to gain “root” access to the device to read and copy all the data and get our “best acquisition”, usually a full file system (FFS). And then what?  Then you have an enormous number of bytes stored in hundreds of thousands of files in which to search for relevant information for the case. In simple terms, you have a box and you need to find a small piece of information in that box. In the box there is some info

iOS Forensics References: a curated list

Following up my previous blog post, I decided to create a curated list of iOS Forensics References, organized by folder with specific references (links to blog post, research paper, articles, and so on) for each interesting file.  The list is available as a GitHub repository to make it easier to keep it updated. If you have any proposal for addition in terms of file/folders or a specific reference, please let me know and I'll be happy to add it to the list.