-
Dissecting the Android WiFiConfigStore.xml for forensic analysis
A smartphone is often connected to a Wi-Fi network: think of how much time we spend at home, in our office, or even in a public place while studying or exercising. As soon as we can reach a (hopefully trusted) Wi-Fi network, we connect to it! On Android devices, the Wi-Fi connection is managed by…
-
A first look at Android 14 forensics
Android 14 was released to the public by the Open Handset Alliance on October 4, 2023, and is now available on various smartphones, including the Google Pixel. This blog post aims to explore a list of the major artifacts you can find on this version of the Android OS. For testing and review, I set up…
-
Analysis of Android settings during a forensic investigation
During the forensic examination of a smartphone, we sometimes need to understand some basic settings of the device. Some simple examples are: What is the name of the device? Is the “Set time automatically” option on or off? Is the “Set time zone automatically” option on or off? Is mobile data switched on or off?…
-
Has the user ever used the XYZ application? aka traces of application execution on mobile devices
A common question during a forensic investigation of a digital device is: “Has the user ever used the XYZ application?”. As always when answering this question, it is important to create and follow a solid process. In this blog post, I want to share a possible process that everyone should customize based on their needs…
-
iOS 15 Image Forensics Analysis and Tools Comparison – Browsers, Mail Clients, and Productivity apps
The fifth episode is dedicated to three categories of third-party apps: browsers, mail clients, and productivity apps. There are 6 browsers, 3 mail clients, and 3 productivity applications available in Josh Hickman’s acquisition. The 6 browsers are listed below, in alphabetical order: Brave, DuckDuckGo, Firefox, Firefox Focus, Google Chrome, Microsoft Edge. The 3 mail clients…
-
iOS 15 Image Forensics Analysis and Tools Comparison – Communication and Social Networking Apps
The fourth episode is dedicated to the most analyzed family of applications: communication and social networking apps. Before I start, I would like to mention that I have made some corrections to the previous blog post, based on feedback by tool developers. Also, most of them have confirmed to me that they are working on…
-
iOS 15 Image Forensics Analysis and Tools Comparison – Native Apps
I am finally back with the third blog post in the series! Before I introduce this new post, I want to point out some updates to the previous blog post. I have corrected a couple of errors related to the Belkasoft tool, in particular the device UDID and the device phone number. Also, after the…
-
iOS 15 Image Forensics Analysis and Tools Comparison – Processing details and general device information
As explained in the first blog post, I would like to start discussing the acquisition and processing details. The acquisition was done by Josh Hickman using the Cellebrite Premium tool and the result is a Full File System capture in the traditional file format created by UFED. If you open the file EXTRACTION _FFS.zip ZIP…
-
iOS Forensics: tool validation based on a known dataset – Preamble
Hello world, it’s been a while since my last series of blog posts! But now I am ready to share with you the results of my recent research. I face many different challenges in my daily work as a digital forensics analyst, who deals mainly with mobile devices. All modern smartphones are encrypted (usually with…
-
iOS Forensics References: a curated list
Following up on my previous blog post, I decided to create a curated list of iOS Forensics References, organized by folder with specific references (links to blog posts, research papers, articles, and so on) for each interesting file. The list is available as a GitHub repository to make it easier to keep it updated. If you…