-
A first look at Android 14 forensics
Android 14 was released to the public by the Open Handset Alliance on October 4, 2023, and is now available on various smartphones, including the Google Pixel. This blog post aims to explore a list of the major artifacts you can find on this version of the Android OS. For testing and review, I set up…
-
Analysis of Android settings during a forensic investigation
During the forensic examination of a smartphone, we sometimes need to understand some basic settings of the device. Some simple examples are: What is the name of the device? Is the “Set time automatically” option on or off? Is the “Set time zone automatically” option on or off? Is mobile data switched on or off?…
-
Has the user ever used the XYZ application? aka traces of application execution on mobile devices
A common question during a forensic investigation of a digital device is: “Has the user ever used the XYZ application?”. As always when answering this question, it is important to create and follow a solid process. In this blog post, I want to share a possible process that everyone should customize based on their needs…
-
iOS 15 Image Forensics Analysis and Tools Comparison – Browsers, Mail Clients, and Productivity apps
The fifth episode is dedicated to three categories of third-party apps: browsers, mail clients, and productivity apps. There are 6 browsers, 3 mail clients, and 3 productivity applications available in Josh Hickman’s acquisition. The 6 browsers are listed below, in alphabetical order: Brave, DuckDuckGo, Firefox, Firefox Focus, Google Chrome, Microsoft Edge. The 3 mail clients…
-
iOS 15 Image Forensics Analysis and Tools Comparison – Communication and Social Networking Apps
The fourth episode is dedicated to the most analyzed family of applications: communication and social networking apps. Before I start, I would like to mention that I have made some corrections to the previous blog post, based on feedback by tool developers. Also, most of them have confirmed to me that they are working on…
-
iOS 15 Image Forensics Analysis and Tools Comparison – Native Apps
I am finally back with the third blog post in the series! Before I introduce this new post, I want to point out some updates to the previous blog post. I have corrected a couple of errors related to the Belkasoft tool, in particular the device UDID and the device phone number. Also, after the…
-
iOS 15 Image Forensics Analysis and Tools Comparison – Processing details and general device information
As explained in the first blog post, I would like to start discussing the acquisition and processing details. The acquisition was done by Josh Hickman using the Cellebrite Premium tool and the result is a Full File System capture in the traditional file format created by UFED. If you open the file EXTRACTION _FFS.zip ZIP…
-
iOS Forensics: tool validation based on a known dataset – Preamble
Hello world, it’s been a while since my last series of blog posts! But now I am ready to share with you the results of my recent research. I face many different challenges in my daily work as a digital forensics analyst, who deals mainly with mobile devices. All modern smartphones are encrypted (usually with…
-
iOS Forensics References: a curated list
Following up my previous blog post, I decided to create a curated list of iOS Forensics References, organized by folder with specific references (links to blog post, research paper, articles, and so on) for each interesting file. The list is available as a GitHub repository to make it easier to keep it updated. If you…
-
Sysdiagnose in iOS 16: a first look from a Digital Forensics perspective
Back in May 2019, along with my colleagues Heather Mahalik and Adrian Leong, we wrote the paper “Using Apple “Bug Reporting” for forensic purposes” and some scripts to parse data stored in Sysdiagnose logs. The paper is still available for download and, for the most part, is still accurate. But time goes on, and new…